Software security is a board-level issue. Adversaries used to focus on hacking networks. Now they target applications. Why?
Because software organizations continue to focus on features and functionality. Errors in the design and execution of software can result in vulnerabilities that are easy to access and simple to exploit using attacks like SQL injection and cross-site scripting.
Unfortunately, many organizations continue to view security as it was many years ago: a challenge of perimeter defense.
Adversaries are more skilled than ever. Criminal organizations are well funded and the market demand for financial data, health information, and consumers’ personal information are high.
Industrial espionage is an ongoing concern. Most concerning for organizations with valuable intellectual property (IP) are attacks from nation-states seeking to steal design information and trade secrets. State-sponsored attacks and organized crime groups are real and make for interesting headlines.