HackEDU Report Shows Developers Have Repeated Same Vulnerabilities At Top of OWASP Top 10 for 14 Years
Analysis Of Tens Of Thousands Of Developers Shows Lack Of Training Hampers Secure Coding Efforts
Mar 29, 2021, 07:08 ET
SANTA MONICA, Calif., March 29, 2021 /PRNewswire/ -- HackEDU has released the 2021 Vulnerabilities Benchmark Report. The report, based on anonymous data from tens of thousands of software developers from hundreds of companies on HackEDU's secure coding training platform, provides insights on the state of application vulnerabilities across a broad range of industries.
The 2021 Vulnerabilities Benchmark Report highlights the concern in the security community about the secure coding knowledge levels among developers. "It defies logic, but injection vulnerabilities have been number 1 or number 2 on the OWASP Top 10 for 14 years. When we dug into the data, we realized that it's not a coincidence that these are also the same vulnerabilities that are most often fixed incorrectly by developers," said Jared Ablon, CEO of HackEDU. "Software and web applications are the top attack vectors for breaches, and one of the concerns we hear CISOs voicing is the fact that less than half of developers have been trained in secure coding practices. This leaves a major gap that needs to be addressed as part of their efforts to shift left."
The 2021 Vulnerabilities Benchmark Report states that the biggest concern in application security among security leaders is the use of open source or third-party software. "Third-party software providers may be slow to release patches, and even when they're released, they may not get applied right away. In many cases, the patch never gets applied because there's a fear of breaking dependencies. The root cause of the problem is poor secure coding knowledge, and this can be mitigated with proper training."
The report also includes a guide to applying its findings to secure the software development lifecycle.
