The most popular and comprehensive Open Source ECM platform
Bulletproof software might be the ideal, but achieving it can be elusive. A report from Veracode found that 85 percent of all software had at least one vulnerability and that 13 percent of all software has at least one high-severity flaw. It’s likely that those numbers are low.
The problem is that development teams often assign security a low priority. Developers are typically more concerned with application speed and usability and just getting software released so that users can start working with it. The release date and frequency of release often overrule all other priorities.
The best way to put higher priority on security for there to be a change in company leadership priorities.
Allan Wintersieck, CTO at Devetry, said that “the hardest part is caring about the issues the team raises and actually acting on them. If someone brings up a valid security concern that will take a week to fix, then you have to delay your release by a week and fix it. Your actions are louder than your words. If you tell everyone you care about security, but never make any sacrifices for it, then the team will know it’s hollow and meaningless and promptly stop caring no matter what you say.”