SECURITY
Artificial intelligence has generated a lot of buzz around securing enterprise software and operations.
However, a lingering inability to follow best practices and nail the fundamentals still plagues the industry at large, according to Brian Fox (pictured), chief technology officer of Sonatype Inc.
“We have done some studies for years, and I think last year was our eighth year in a row,” he said. “The thing that I’ve been rattling on about since then is that around 96% of the time when organizations are pulling down vulnerable components, there’s already a fix available, which tells me that the problem is on the consumption side. There are a lot of conversations about all the novel edge cases when, as an industry, we’re failing to follow best practices and deal with the fundamentals.”
Fox spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how companies should prioritize their security operations, especially given the complexities AI brings. (* Disclosure below.)
People are already using AI tools such as ChatGPT to write code, some of it mission-critical. It is important, therefore, to assess the potential implications of that and of the other AI-related trends now filtering through, according to Fox.
“I don’t think the AI aspect of this really affects the dependencies yet,” he said. “When people are choosing to put bad components in [the software stack], it has less to do with the new custom code that they’re creating and more to do with the hygiene of their dependency stack.”
The main security issue is that organizations are still falling victim to vulnerabilities that have already been identified and logged, according to Fox. So, there’s a need to tighten the software supply chain.
“As of last week, 29% of the consumption worldwide of Log4j versions are of the known vulnerable versions,” he said. “Everybody in the industry knows that it was an issue. We’re closing in on 18 months at this point. How is it that a third of organizations are still pulling down these known vulnerabilities 18 months later?”
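The consumption-side problem Fox describes can be measured and gated at the point where dependencies are pulled. The following is an added illustration, not Sonatype's tooling or anything from the interview: it audits a constructed download log against a constructed advisory table (the log4j-core cutoff of 2.17.1 and the `com.example` artifacts are assumed values for illustration), flags every pull of a known-vulnerable version that already has a fix, and reports the share of each artifact's downloads that are known bad, the same kind of figure as the 29% quoted above.

```python
def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically.
    Non-numeric qualifiers compare as 0; good enough for this illustration."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


# Constructed advisory table (assumed values, not a real vulnerability feed):
# artifact coordinate -> first version that carries the fix. Any version
# below it is treated as known vulnerable with a fix already available.
ADVISORIES = {
    "org.apache.logging.log4j:log4j-core": "2.17.1",
    "com.example:widget-parser": "1.4.0",  # hypothetical artifact
}

# Constructed sample of resolved downloads (artifact, version), as a
# repository proxy or build log might record them.
DOWNLOADS = [
    ("org.apache.logging.log4j:log4j-core", "2.14.1"),
    ("org.apache.logging.log4j:log4j-core", "2.17.1"),
    ("org.apache.logging.log4j:log4j-core", "2.20.0"),
    ("org.apache.logging.log4j:log4j-core", "2.15.0"),
    ("org.apache.logging.log4j:log4j-core", "2.17.2"),
    ("com.example:widget-parser", "1.3.2"),
    ("com.example:widget-parser", "1.4.0"),
    ("com.example:json-util", "3.0.0"),  # no advisory on file
]


def is_known_vulnerable(artifact: str, version: str) -> bool:
    """True when an advisory exists and the pulled version predates its fix."""
    fixed_in = ADVISORIES.get(artifact)
    return fixed_in is not None and parse_version(version) < parse_version(fixed_in)


def audit(downloads):
    """Return (findings, shares): each vulnerable pull with the fixed version
    it should have been, plus the fraction of each artifact's pulls that were
    known-vulnerable, i.e. the consumption-side metric from the interview."""
    findings, per_artifact = [], {}
    for artifact, version in downloads:
        total, bad = per_artifact.get(artifact, (0, 0))
        vulnerable = is_known_vulnerable(artifact, version)
        per_artifact[artifact] = (total + 1, bad + int(vulnerable))
        if vulnerable:
            findings.append((artifact, version, ADVISORIES[artifact]))
    shares = {a: bad / total for a, (total, bad) in per_artifact.items()}
    return findings, shares


if __name__ == "__main__":
    found, shares = audit(DOWNLOADS)
    for artifact, version, fixed_in in found:
        print(f"BLOCK {artifact}:{version} (fix available since {fixed_in})")
    for artifact, share in shares.items():
        print(f"{artifact}: {share:.0%} of pulls are known-vulnerable versions")
```

In a real pipeline the advisory table would come from a vulnerability feed and the download log from a repository manager or proxy; the gate itself stays this small.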
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:
(* Disclosure: Sonatype Inc. sponsored this segment of theCUBE. Neither Sonatype nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)