Check Point® Software Technologies Ltd. has been recognized as one of theWorld’s Best Companies of 2024 by TIME and Statista.
Check Point made its debut on the list due to its strong employee satisfaction, revenue growth, and ESG efforts.
CISOs Struggle to Govern Use of AI in Application Development
August 21, 2024
CISOs are struggling with the need to empower both development and application security (AppSec) teams with the productivity benefits of AI tools while establishing governance to mitigate emerging risks, according to Seven Steps to Safely Use Generative AI in Application Security, a new report from Checkmarx.
Source: Checkmarx
Highlights of the study include findings showing the difficulty of establishing and enforcing governance:
■ Only 29% of organizations have established any form of governance.
■ 15% of respondents have explicitly prohibited the use of AI tools for code generation within their organizations.
■ 99% report that AI code-generation tools are being used regardless of prohibitions.
■ 70% say there is no centralized strategy for GenAI, with purchasing decisions made on an ad hoc basis by individual departments.
■ 60% are worried about GenAI attacks such as AI hallucinations.
■ 80% are worried about security threats stemming from developers using AI.
"Enterprise CISOs are grappling with the need to understand and manage new risks around generative AI without stifling innovation and becoming roadblocks within their organizations," said Sandeep Johri, CEO at Checkmarx. "GenAI can help time-pressured development teams scale to produce more code more quickly, but emerging problems such as AI hallucinations usher in a new era of risk that can be hard to quantify."
Many CISOs are seeking to build the right level and types of governance in order to permit their application development teams to use AI coding tools. Given its ease of adoption, flexibility and utility, security leaders clearly understand its potential for helping to speed and scale application development in a time-pressured business environment.
However, generative AI is currently unable to follow secure coding practices or to produce truly secure code, which motivates some security teams to consider AI-driven security tools to help manage the proliferation of development teams' AI-generated code. The study found that:
■ 47% of respondents indicated interest in allowing AI to make unsupervised changes to code.
■ 6% said they wouldn't trust AI to be involved in security actions within their vendor tools.
"The responses of these global CISOs expose the reality that developers are using AI for application development even though it can't reliably create secure code, which means that security teams are being hit with a flood of new, vulnerable code to manage," said Kobi Tzruya, Chief Product Officer at Checkmarx.
Methodology: In early 2024 Checkmarx commissioned a global research firm to conduct a survey of 900 CISOs and application security professionals in companies in North America, Europe and Asia-Pacific with annual revenue of $750 million or more.
Industry News
September 17, 2024
September 17, 2024
Oracle announced the availability of Java 23, the latest version of the programming language and development platform.
September 17, 2024
JFrog announced a new product integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
September 17, 2024
Tigera announced several new features for Calico Cloud and Calico Enterprise to improve the efficiency of remediating vulnerabilities in container images, and ensure compatibility with the latest deployment options for OpenShift.
September 17, 2024
Gearset announced the acquisition of Clayton, a code analysis platform designed specifically for Salesforce.
September 16, 2024
Docker is introducing a new way for developers and organizations to access its suite of products – including Docker Desktop, Docker Hub, Docker Trusted Content, Docker Scout, Docker Build Cloud, and Testcontainers Cloud.
September 16, 2024
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the OpenSearch Software Foundation, a community-driven initiative that will support OpenSearch and its search software, which is used by developers around the world to build search, analytics, observability, and vector database applications.
September 16, 2024
Copado announced the Copado AI platform encompassing a suite of AI-powered DevOps agents.
September 16, 2024
Kong announced the release of Kong Gateway 3.8, a major update that sets a new standard for API management.
September 16, 2024
Perforce Software announced that its mobile application testing platform, Perfecto, will support Apple's latest iOS version, iOS 18, on Monday, September 16, 2024.
September 12, 2024
Check Point® Software Technologies Ltd. has been recognized as a Leader in the latest GigaOm Radar Report for Security Policy as Code.
September 12, 2024
JFrog announced the addition of JFrog Runtime to its suite of security capabilities, empowering enterprises to seamlessly integrate security into every step of the development process, from writing source code to deploying binaries into production.
September 12, 2024
Kong unveiled its new Premium Technology Partner Program, a strategic initiative designed to deepen its engagement with technology partners and foster innovation within its cloud and developer ecosystem.
September 11, 2024
Kong announced the launch of the latest version of Kong Konnect, the API platform for the AI era.
September 10, 2024
Oracle announced new capabilities to help customers accelerate the development of applications and deployment on Oracle Cloud Infrastructure (OCI).
