What's Happening?
A recent report by Checkmarx highlights a concerning trend in the cybersecurity landscape, where 75% of firms have admitted to deploying vulnerable code into production environments. This decision is largely driven by pressure on Chief Information Security Officers (CISOs) to meet business deadlines, often at the expense of cybersecurity compliance. The report, based on a survey of 2,350 CISOs, AppSec managers, and developers from 14 countries, reveals that 95% of CISOs have felt compelled to suppress or delay reporting security issues. The reasons for deploying vulnerable code include reliance on compensating controls, the urgency to meet deadlines, and the late detection of vulnerabilities. The report also notes the increasing use of AI-generated code, which, while efficient, may introduce new vulnerabilities. Sandeep Johri, CEO of Checkmarx, emphasizes the need for a new security model that combines AI with human oversight to effectively manage these risks.
Why It's Important?
The deployment of vulnerable code poses significant risks to organizations, potentially exposing them to cyber threats and data breaches. As the report indicates, the mean time to exploit vulnerabilities has decreased to mere minutes, leaving organizations vulnerable if issues are not promptly addressed. This situation underscores the critical need for robust cybersecurity measures and governance, especially as AI becomes more integrated into coding processes. The findings highlight a disconnect between the urgency of cybersecurity threats and the incremental steps organizations are taking to mitigate them. This could have far-reaching implications for industries reliant on secure digital infrastructure, potentially affecting consumer trust and regulatory compliance.
What's Next?
Organizations are expected to enhance their cybersecurity frameworks by strengthening governance, particularly around AI, and reducing fragmentation across tools and processes. This may involve adopting more comprehensive security models that integrate AI with human oversight to identify and remediate vulnerabilities more effectively. As the cybersecurity landscape evolves, companies will likely face increased scrutiny from regulators and stakeholders to ensure robust security practices. The report suggests that organizations remain optimistic about their ability to meet these challenges, but significant efforts will be required to close the gap between identifying and fixing vulnerabilities.











