Code Dx, Inc., a provider of a robust suite of fast and affordable tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced the release of the Cybersecurity Market Report for Q3 2015 published by Cybersecurity Ventures, a leading cybersecurity research and market intelligence firm. Sponsored by Code Dx, the Application Security Report states “that poor software development practices may be the biggest cyber-threat of all.”
“The report really highlights the challenges software developers and security analysts face today and the need to perform application security testing throughout the software development process from early stages through post-release,” said Anita D’Amico, Ph.D., CEO for Code Dx. “Furthermore, it is important to leverage multiple testing tools to maximize the code coverage area and ensure vulnerabilities are identified and fixed.”
“Code Dx is a breakthrough solution for software developers,” said Steve Morgan, Founder and CEO at Cybersecurity Ventures. “Software coders can use Code Dx to wrap security around their apps from the ground-up, and to analyze their legacy apps for vulnerabilities.”
The quarterly report provides an overview of software development and application security trends, statistics, best practices, and resources for chief information security officers (CISOs) and IT security staff. Some of the key statistics/trends published in this report include:
  • “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understand software development – and most software developers don’t understand security.
  • “The security industry is overly-focused on testing and scanning for known vulnerabilities in software after it’s been released, and under-focused on poor software development practices that lead to vulnerability applications that hackers can exploit,” said Frank Zinghini, CEO of Applied Visions, Inc.
  • The U.S. Department of Homeland Security (DHS) states that 90 percent of security incidents result from exploits against defects in software.
  • The National Security Agency’s (NSA) Center for Assured Software (CAS) reported that the total code coverage area of the average application security testing tool is only 14 percent.