Software will have bugs, but the issues are often in third-party libraries and open source frameworks, not in the code the developers actually wrote. No matter how good the actual code, if these components aren’t managed and checked regularly, the final application remains vulnerable.
“Continued pressure to build high-quality software with ever-shorter development cycles and the ongoing explosion of new architecture patterns, such as microservices, has developers doubling down on the already prevailing dependence of third-party components in enterprise applications,” application security firm Veracode wrote in its 2016 State of Software Security report.
To read this article in full or to leave a comment, please click here