How many times have you purchased a new device or product, only to find out that it needs to be replaced or patched immediately? It’s an issue that’s far too common nowadays, and many security practitioners are losing sleep over it, given the endless stream of connected devices making their way into the enterprise.

Sure, they need to keep abreast of these updates, but what about the manufacturers? What could they do to ensure they’re not shipping out faulty devices or applications? Identifying issues during development is the only way that you can truly address this problem, says Chris Eng, vice president of research at CA Veracode.

“We have to find ways to fix things earlier,” Eng told InfoSec Insider during a recent video interview. “We can’t wait, ship a product, and then have issues discovered after the fact once it’s shipping.”

Additionally, while patching vulnerabilities seems like a “low-hanging fruit” task for many security practitioners, many still fail to do so. And often they focus only on code that’s been developed internally, which is excellent, while completely ignoring third-party code, adds Eng.

“That’s a major blind spot,” he says.

In the full video interview below with Eng, he lists the common blind spots associated with vulnerability management, and what you should be doing to ensure your organisation is secure from an application security standpoint.


Marcos Colón
SVP, Content Marketing
As MISTI’s content marketing lead, Marcos spearheads the brand’s content marketing strategy, implementing a process to deliver high-quality insight to information security and internal audit professionals. Prior to working with MISTI, he served as the online editor for the award-winning SC Magazine, a prominent B2B IT security publication. He also served as a senior editor at NewsCred, a prominent content marketing agency, where he provided content strategy guidance for leading brands that include Discover, IBM, Visa and Bloomberg.