Developers who are responsible for creating the software and applications we rely on are turning out to be less than vigilant when it comes to cybersecurity. According to a new report, 60 percent of developers are not confident in the code they write.
The problem, according to Brandon Vigliarolo’s article in TechRepublic, is with developers’ third-party dependencies. “Only 16% have confidence in the security of the third-party packages they use,” reports Vigliarolo. Adding to the dilemma, 40 percent reveal that they don’t review third-party packages.
This unfortunate lapse in being security minded might possibly explain other news that came out yesterday: A new bug, dubbed ‘Eavesdropper,’ allows hackers to access call and text data. As Dawn Kawamoto writes in Dark Reading, “Mobile application developers using Twilio’s voice and SMS software development kit (SDK) and Rest API have exposed hundreds of millions of private mobile conversations after failing to remove their hardcoded credentials from the apps, researchers revealed….”
Without performing reviews all the way through the development of their end products, data leaks and other threats will persist. Vigliarolo reports that only 20 percent are using a solution to monitor their software once it is live. As for the others: “79% either simply look at logs, or say they ‘have no way of knowing for sure’ when their applications are under attack.”
Read the full story of the developers report in TechRepublic.