Enterprises need to set up and maintain persistent programs to upgrade and patch their software as fixes become available. “Security is ephemeral,” Pittinger says. “Today’s scan is good, but that can change.”
And when buying applications businesses should grill the developers about security of their supply chain, how they screen the code they use and what their program is for patching their products once they’re in the hands of their customers. “We need to raise the expectations we have for software vendors,” Pironti says.
Sign up for CIO Asia eNewsletters.