Pieter Danhieux, Secure Code Warrior.
In 2023, organizations will keep pedaling down the superhighway of innovation. It’s all about moving faster and sprinting to reveal the ‘next big thing’. For software developers, this means more code on shorter turnarounds, all while trying to wow the world with products that are more productive, efficient, intelligent and even bolder than anything that exists today.
However, look closely and you can see some holes in the highway. The “do it now” mentality will continue to sacrifice security for speed. Combined with a reluctance to migrate away from legacy systems and tools that create risk, it can leave organizations exposed.
With that in mind, here are three software security predictions for 2023.
Addressing vulnerable legacy systems will be critical for the healthcare industry.
As of late November, 580 breaches at hospitals, laboratories, clinics, pharmacies and other healthcare providers had been reported to the U.S. Department of Health and Human Services (HHS) in 2022, up from 316 reported breaches. According to Verizon’s 2022 Data Breach Investigations Report (DBIR), healthcare ranks third among all sectors for breaches, behind financial and professional services.
Incidents will not stop until organizations in the industry deal with the precarious state of their complex legacy systems and tools. It’s too easy for access control errors, misconfigurations, code issues and other exploitable weaknesses to go unpatched, and an attacker need compromise only one of them to cause serious consequences.
Like their counterparts in every sector, many healthcare organizations are fully committed to digital transformation. As part of that transformation, moving away from legacy systems to cloud solutions that offer scalability and streamlined costs should be a priority, alongside comprehensive audits of the software and components actually in use.
Code development teams will go to school.
There is an inconvenient truth as we enter the new year: most developers don’t care much about security. According to a joint study by Evans Data and Secure Code Warrior, only 14% consider security a higher priority than ensuring code quality, improving application performance and solving real-world problems. Even more concerning, the survey found that two-thirds of developers were shipping code containing vulnerabilities. A third said they didn’t know how to identify or fix common vulnerabilities, and a quarter felt that fixing insecure code was someone else’s job.
Clearly, this is a cultural mindset that needs to change to the point where teams default to “security first” in their development processes. The industry as a whole needs to adopt skill validation and training programs that help team members distinguish between bad and good coding patterns so that they can focus on building secure software the first time.
Encouragingly, according to our research, 9 out of 10 developers admit they need training. Many of them want hands-on sessions with real-world examples relevant to their work, interactivity, and opportunities to practice writing secure code as part of their training. Given this, organizations should invest in more personalized, hands-on training rather than the “check the box” approach of static, computer-based programs. Teams should also be incentivized by tying the creation of secure code directly to annual reviews, raises, bonuses, promotions and so on.
That way, the investment should pay for itself and then some. High-quality code that is secure from the start requires far less rework than code that has security bolted on as an afterthought.
Companies will see software bills of materials as a “must have” rather than a “nice to have” from technology vendors.
According to a Venafi survey, 82% of CIOs say their organizations are vulnerable to attacks targeting the software supply chain. Conceptually, a software bill of materials (SBOM) is much like a food ingredient list. It gives customers a comprehensive list of all the open source and third-party components behind the code, along with their patch status, to help identify risks.
As companies seek to protect themselves from supply chain attacks, they increasingly require SBOMs from vendors, followed by trust and safety audits. Unfortunately, vendors may not care as much about security as they do about selling their products, so this level of due diligence is proving essential. In 2023, the best vendors will publish this information as a point of pride and a professional differentiator from their competitors.
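To make the “ingredient list” idea concrete, here is an added example (not from this article, Forbes, or Secure Code Warrior) of the kind of check a customer can run once a vendor hands over an SBOM. It reads a minimal CycloneDX-style JSON document, compares each component’s version against a table of first-fixed versions, and separately lists components that carry no version at all, since those cannot be assessed. The SBOM and the advisory table are both constructed for illustration: the component names, versions and fixed-in values are placeholders, not real packages or advisories.

```python
import json

# Constructed, minimal CycloneDX-style SBOM (illustrative only, not a real product's SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log-helper", "version": "2.14.1"},
        {"type": "library", "name": "json-parse", "version": "1.9.0"},
        {"type": "library", "name": "tls-wrapper", "version": "3.0.2"},
        {"type": "library", "name": "legacy-auth"},   # no version recorded
    ],
})

# Constructed advisory table: first fixed version per component name.
# Placeholders only; these are not real advisories or CVE numbers.
SAMPLE_ADVISORIES = {
    "log-helper": "2.15.0",
    "tls-wrapper": "3.0.2",
}


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not lexically."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_sbom(text):
    """Return the component list from a CycloneDX-style JSON document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return doc.get("components", [])


def find_unpatched(components, advisories):
    """Components whose recorded version is older than the first fixed version."""
    findings = []
    for comp in components:
        fixed = advisories.get(comp.get("name"))
        version = comp.get("version")
        if fixed is None or version is None:
            continue
        if parse_version(version) < parse_version(fixed):
            findings.append((comp["name"], version, fixed))
    return findings


def find_unversioned(components):
    """Components with no version: they cannot be checked against any advisory."""
    return [c["name"] for c in components if not c.get("version")]


if __name__ == "__main__":
    comps = parse_sbom(SAMPLE_SBOM)
    for name, have, fixed in find_unpatched(comps, SAMPLE_ADVISORIES):
        print(f"UNPATCHED {name} {have} (fixed in {fixed})")
    for name in find_unversioned(comps):
        print(f"UNKNOWN   {name}: no version recorded, cannot assess")
```

The numeric version comparison matters: a plain string comparison would rank "1.9.0" above "1.10.0". The unversioned list is the audit gap the article warns about; an SBOM that omits versions for legacy components looks complete but gives the customer nothing to check.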
Don’t expect the pace of developer work to slow down in the New Year. We live in perhaps the most exciting time of technological advancement ever, with a constant race to the top.
However, getting there first doesn’t necessarily give you a clear edge over your competitors, not if the rapid tempo of innovation comes at the cost of additional risk and exposure. By removing or modernizing legacy systems, making a “security first” commitment in software development and making SBOMs a business requirement, organizations can show that they place as much emphasis on protecting customers and users as on inspiring them. That is a great way to ring in 2023.
The Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.