TMCnet News
VDC Research Study Finds Only Half of IoT Projects are Testing for Software Security

GrammaTech, a leading provider of application security testing products and software research services, today released the findings from a research survey conducted by VDC Research on the state of software supply chain security testing. Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security. Meanwhile, when asked to rank the importance of security to current projects, 73.6% of respondents said it was important, very important or critical.

For years, the pace of needed innovation outstripped the rate of resource growth within development and QA organizations, making it difficult to keep pace with requirements organically. With organizations no longer able to center their code creation strategy on custom code, a premium has been placed on using content from other sources. With this growing complexity of the software supply chain, according to VDC Research, security has become a ubiquitous and paramount issue, based on the potential impacts to corporate risk, liability and damage to brand reputation.

"With more complex software supply chains becoming the norm, organizations are leaning on these third-party assets to accelerate their internal software development, which creates security blind spots," said Chris Rommel, Executive Vice President, IoT & Industrial Technology for VDC Research. "With standards such as IEC 62443 requiring increased security of IoT devices, new testing capabilities are needed to address these software creation changes to ensure code quality and minimize risk."

Report Highlights

IoT developers are drawing from a vast pool of third party code sources, each bringing its own potential IP and security baggage. The following key findings from the VDC Research survey illustrate these trends and the risks they pose:
The full report, Finding Sources of Security in the Complex Software Supply Chains of Tomorrow, is available here.

About GrammaTech

GrammaTech is a leading global provider of application security testing (AST) solutions used by the world's most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation's civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda MD, a Research and Development Center in Ithaca NY, and publishes Shift Left Academy, an educational resource for software developers. Visit us at https://www.grammatech.com/, and follow us on LinkedIn and Twitter.

CodeSonar® and CodeSentry® are registered trademarks of GrammaTech, Inc.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210512005116/en/