Organizations are increasingly agile today, producing and deploying software applications faster than ever before. But this requires all the elements in the software development life cycle (SDLC) to work together cohesively. Security practices in the SDLC become especially important, given that more than half of security flaws result from preventable coding mistakes. Ensuring that developers are on board with security practices is even more critical to improve the process efficiency.

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991.

The first software development team I worked on operated on the follow mantra: Make it work. Then, make it fast. Then, make it elegant (maybe). Meaning, don’t worry about performance optimizations until your code actually does what it’s supposed to do, and don’t worry about code maintainability until after you know it both works and performs well. Users generally have no idea how maintainable the code is, but they do know if the application is broken or slow.

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?

If you want to stay current, you have to keep up with what’s trending, no matter if it’s politics, healthcare, education, finance, or entertainment. Or software security, which in a connected world is behind everything on that list above. Software isn’t just important, it’s essential. The world as we know it wouldn’t function or even exist without it.

Knowing what could hurt you can help you. That’s the point of the nonprofit MITRE’s 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors (CWE Top 25) list, released a few weeks ago.

The Building Security In Maturity Model (BSIMM)—the annual report on the evolution of software security initiatives (SSIs)—is gaining some maturity itself. The latest report, which went public this week, is the 11th iteration. Some things haven’t changed. The fundamental goal remains what it was at the start, more than a decade ago.