No one expects software applications to be free of vulnerabilities. But there's a big difference between looking for and fixing obvious flaws before going to production, and simply shipping with known flaws because fixing them would take too much time. Since software can't be bug-free, it's only reasonable that software be updated regularly so that vulnerabilities can be fixed.
While it's possible to look for and fix vulnerabilities internally within the team, audits help teams tap into security expertise outside the project to find issues. Veracode's latest State of Software Security Report found that most applications submitted for software assessment have less than a 45 percent pass rate, and nearly three out of four applications produced by third-party software vendors and SaaS suppliers fail the OWASP Top 10 when initially assessed.
"We all rely on open source software," Mozilla said in the blog post. "We hope this is only the beginning."