How many times have you purchased a new device or product, only to find out that it needs to be replaced or patched immediately? It’s an issue that’s far too common nowadays, and many security practitioners are losing sleep when you take into account the endless connected devices that are making their way into the enterprise.

Sure, they need to keep abreast of these updates, but what about the manufacturers? What could they do to ensure they’re not shipping out faulty devices or applications? Identifying issues during development is the only way that you can truly address this problem, says Chris Eng, vice president of research at CA Veracode.

“We have to find ways to fix things earlier,” Eng told InfoSec Insider during a recent video interview. “We can’t wait, ship a product, and then have issues discovered after the fact once it’s shipping.”

Additionally, while patching vulnerabilities seems like a “low-hanging fruit” task for many security practitioners, it seems as though many still fail to do so. And many times, they may only be focused on code that’s been developed internally - which is excellent - but completely ignoring third-party code, adds Eng.

“That’s a major blind spot,” he says.

In the full video interview below with Eng, he lists the common blind spots associated with vulnerability management, and what you should be doing to ensure your organization is secure from an application security standpoint.

Interesting in learning more about this topic while networking with other security pros? Mark your calendars for April 1 as the InfoSec World Conference & Expo returns to Orlando, Florida!

David Rangel