• A shocking amount of companies are knowingly shipping insecure co

    From TechnologyDaily@1337:1/100 to All on Monday, August 18, 2025 17:15:09
    A shocking amount of companies are knowingly shipping insecure code - and it might be hard to recover

    Date:
    Mon, 18 Aug 2025 16:03:00 +0000

    Description:
    Developers are using AI to generate code for them, but it's creating vulnerabilities that companies are shipping to customers.

    FULL STORY ======================================================================

    - Four in five companies knowingly ship vulnerable code, survey warns
    - One-third say 60% of their code is now AI-generated
    - Orgs need to use AI to identify vulnerabilities

    A study of 1,500 CISOs, AppSec Managers and developers conducted by Checkmarx has claimed four in five (81%) companies knowingly ship vulnerable code, putting them and their users at risk of attack.

    An estimated one in two respondents already use AI security code assistance, with around one-third (34%) admitting that more than 60% of their code is AI-generated, code which can often contain known vulnerabilities by default.

    An overwhelming majority (98%) have experienced a breach due to vulnerable code in the past year, and yet they continue to ship vulnerable code without implementing the right protective measures.

    Companies are shipping vulnerable, AI-generated code

    The report outlines how generative AI has now eroded developer ownership, with code less likely to be affiliated with any particular individuals. It has also expanded the attack surface by reopening vulnerabilities that could previously have been avoided with proper coding expertise.

    The trend has largely been blamed on artificial intelligence, with vibe coding on the rise and many developers now opting to edit AI-generated code rather than write their own from the ground up.

    The lack of governance around this has created what the company describes as the perfect storm.

    Fewer than half of the respondents were found to be using foundational security tools like DAST and IaC scanning, with a similar number using DevSecOps tools.

    Looking ahead, Checkmarx stresses that security should be built into projects right from the coding level, with organizations urged to establish policies for AI tool usage. Acknowledging that developers are now actively using AI, Checkmarx suggests that, instead of banning it, companies should also utilize agentic AI to analyze and fix issues across projects.

    "AI generated code will continue to proliferate; secure software will be the competitive differentiator in the coming years," Checkmarx VP of Portfolio Marketing Eran Kinsbruner concluded.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/a-shocking-amount-of-companies-are-knowingly-shipping-insecure-code-so-what-can-be-done


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)