The United States, United Kingdom and other governments around the globe are making strides to defend against software supply chain attacks and strengthen the cybersecurity resilience of their departments, partners, and stakeholders. Technology companies are following these developments and emerging government guidance closely, understanding that in a post-SolarWinds and Log4j world, their roles in securing the software they create – along with the applications they use to deliver new innovations – are rapidly evolving.
This heightened awareness has not fully translated into stronger security measures, however. Our recent State of Software Security v12 (SOSS) report found that, when compared to other industries, the technology sector has the second-highest proportion of applications with security flaws, as well as the highest proportion of applications with high-severity flaws.
Given the nature of the industry, it could be argued that tech companies create far more applications –…