Application Security
THE CHANGING ATTACK SURFACE
A GREATER PERCENTAGE OF SOFTWARE CODE IS OPEN SOURCE
[Chart legend: Custom Code, Open Source Code]
1998: 5%-10%
2008: 30%-50%
2016: 60%-80%
SOURCE: BLACK DUCK SOFTWARE
6,000 new open source vulnerabilities have been reported since 2014
SOURCE: NATIONAL VULNERABILITY DATABASE
84% of all cyber attacks happen on the application layer
SOURCE: SAP
SECURITY INVESTMENT PRIORITIES DO NOT MATCH THREATS
Application Security Faces Most Threats
But Network Security Attracts the Highest Investment
[Chart: Security Risk and Spending compared across the Network, Application, Data, Physical, Host and Human layers]
SOURCE: PONEMON INSTITUTE STATE OF APPLICATION SECURITY RISK MANAGEMENT REPORT
Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com
AS THE APPLICATION SECURITY THREAT LANDSCAPE CHANGES, INVESTMENT PRIORITIES MUST FOLLOW SUIT
• Open source use continues to grow rapidly and comprises up to 80% of an application’s code, significantly increasing the security and management challenges organizations must overcome
• Application security attack vectors have grown in scope and reach with the advent of the internet, cloud computing, mobile access and the Internet of Things (IoT)
• Security investment priorities must shift to the application layer in order to address growing risks, including those posed by known open source security vulnerabilities
EXPANDING SECURITY RISKS
[Figure: timeline marked 1998, 2008 and 2016]
SOURCE: INDUSTRY ESTIMATE