Veracode And Code Security
It’s almost a decade since Marc Andreessen wrote his influential “Why Software Is Eating the World” article in The Wall Street Journal. In it he outlined how software systems were disrupting, and would continue to disrupt, traditional business models, replacing them with layers of software and applications delivered on the web and on mobile devices.
His prediction has proved remarkably prescient. Over the last few years the number of applications on mobile devices has exploded, with the Apple App Store and Google Play Store each hosting over 2 million apps. Over the same period the number of web applications and services operating at the application layer (Layer 7) of the network stack has also grown.
This proliferation of applications has brought a corresponding increase in the number of developers working on business systems and applications, in the lines of code they write, and in the amount of code they pull in from third-party frameworks and APIs.
Code vulnerabilities and security
All software has bugs. The goal is to minimise them and to fix them as soon as they are discovered. As the volume of code being written has grown, so has the use of third-party frameworks and APIs. These prebuilt frameworks reduce the amount of code developers need to write from scratch, and so shorten time to market for line-of-business apps and software.
Many of these frameworks are opaque to the developers using them, who inherit whatever bugs and security vulnerabilities the frameworks contain, often without knowing it. Surveys have found that at least 85% of applications have at least one security vulnerability, and that 13% of those contain what would be classed as a critical flaw. Many of these flaws also remain unfixed for extended periods.
This is not surprising. Keeping current on the state of application security is a monumental task: no sooner has an application security or DevOps team patched every known vulnerability in its frameworks and APIs than another set surfaces. The comparison of application security to Sisyphus pushing his rock to the summit of the hill over and over again is not without merit.
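As an added illustration of the problem described in this section (this is not Veracode code and does not use any Veracode product or API), the following Python script shows the core of a software-composition check: it reads a requirements.txt-style manifest, compares each pinned version against a small advisory database using the half-open range convention (affected if introduced <= version < fixed), and flags both known-vulnerable versions and dependencies left unpinned, whose actual version the manifest does not reveal. The manifest, the package names and the EXAMPLE-2018-… advisory identifiers are all constructed for this example and are not real packages or CVEs.

```python
"""Minimal software-composition check over a requirements.txt-style manifest.

Illustrative example only: not Veracode code, no Veracode API. Package names,
manifest contents and advisory identifiers are constructed for the example.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample manifest: what an application declares it depends on.
SAMPLE_MANIFEST = """\
# web framework and helpers (constructed example, not a real project)
webframework==2.1.3
jsonparse>=1.0
imagelib==0.9.7
"""

# Constructed advisory database: package -> advisories with a half-open
# affected range [introduced, fixed). Identifiers are placeholders, not CVEs.
SAMPLE_ADVISORIES: Dict[str, List[dict]] = {
    "webframework": [
        {"id": "EXAMPLE-2018-0001", "introduced": "2.0.0", "fixed": "2.1.4", "severity": "high"},
    ],
    "imagelib": [
        {"id": "EXAMPLE-2018-0002", "introduced": "0.0.0", "fixed": "1.0.0", "severity": "critical"},
    ],
}

# name, optional operator, optional version, e.g. "webframework==2.1.3"
REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9A-Za-z.]*)?\s*$"
)


def parse_version(text: str) -> Version:
    """Turn '2.1.3' into (2, 1, 3). Each component is reduced to its numeric
    prefix, so '1.0rc1' becomes (1, 0); a component with no digits ends parsing."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts) or (0,)


def version_lt(a: str, b: str) -> bool:
    """Compare two version strings numerically, padding so '1.0' == '1.0.0'."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def is_affected(version: str, advisory: dict) -> bool:
    """Affected if introduced <= version < fixed (half-open range)."""
    return not version_lt(version, advisory["introduced"]) and version_lt(version, advisory["fixed"])


def parse_manifest(text: str) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Return (name, operator, version) per requirement; comments and blanks are skipped."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {raw!r}")
        name, op, ver = m.groups()
        deps.append((name.lower(), op, ver))
    return deps


def scan(manifest_text: str, advisories: Dict[str, List[dict]]) -> List[dict]:
    """Match each pinned dependency against the advisory database.

    Dependencies without an exact '==' pin are reported as 'unpinned': the
    manifest alone does not say which version ships, so nothing can be
    matched until a lockfile resolves it."""
    findings = []
    for name, op, ver in parse_manifest(manifest_text):
        if op != "==":
            findings.append({"package": name, "kind": "unpinned", "spec": f"{op or ''}{ver or ''}"})
            continue
        for adv in advisories.get(name, []):
            if is_affected(ver, adv):
                findings.append({
                    "package": name, "kind": "vulnerable", "version": ver,
                    "advisory": adv["id"], "severity": adv["severity"], "fixed_in": adv["fixed"],
                })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_MANIFEST, SAMPLE_ADVISORIES):
        print(finding)
```

A production tool would read the lockfile for resolved versions rather than the manifest, and would pull advisories from a maintained feed; the parts that carry over are the half-open range check and the need to normalise version strings before comparing them, since naive string comparison puts "0.10.0" before "0.9.0".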
We can help you stay at the summit
Veracode provide a suite of tools that help you reach the summit of the security hill and stay there as new vulnerabilities come to light. The tools integrate with the development tools that modern application and web developers already use, and provide real-time scanning of binaries, code libraries and custom code to identify known issues and flag them so they can be fixed.
Veracode has over 10 years of historical analysis to draw on when scanning applications for vulnerabilities. Its tools have scanned over 8 trillion lines of code and have identified, and helped organisations fix, over 32 million flaws. Over 2,000 organisations trust Veracode to help make their applications and code more secure.
Application security is a significant component of Internet security. It sits alongside, and is as important as, network and edge security, malware protection, SSL/TLS encryption and more. If your organisation does any development or buys applications from third parties, the Veracode tool suite gives you a means of finding vulnerabilities that might compromise your data before they are exploited. No scanner can prove that an application has no flaws, but catching the known ones before release is where most of the risk lies.
If you would like further information, or to discuss how a Veracode solution could fit into your business, give me a call; I would be happy to help.
Source for the app-store figures: Number of apps available in leading app stores as of Q3 2018.