• Why software defects are now the biggest security threat

    From TechnologyDaily@1337:1/100 to All on Monday, May 04, 2026 10:15:25
    Why software defects are now the biggest security threat

    Date:
    Mon, 04 May 2026 09:06:02 +0000

    Description:
    Why bugs and misconfigurations pose as much of a cyber threat as hackers.

    FULL STORY
    ======================================================================

    Cybersecurity headlines are most often made by attacks, but the fallout of accidental cyber incidents is fast becoming the primary threat to businesses.

    Marshall Erwin, CISO at Fastly.

    Malicious actors plotting your organization's downfall seem a more tangible threat on the surface, but the speed at which software is now being shipped is rapidly exposing businesses to a new level of security risk. Recent Fastly research found that software bugs were a factor in 40% of cyber incidents in 2025, up from 33% in 2024 and overtaking external attackers (39%).

    The cost of coding faster

    Early AI adoption has played a role in increasing instances of software issues exposing businesses to risk. Some reports have stated AI is almost doubling engineers' output, but a survey we issued last year showed 30% of senior developers have time savings wiped out by firefighting when AI-generated code fails.

    Humans and AI coders alike might be introducing bugs that must be caught in code reviews, and companies might be sacrificing those reviews in the
    interest of AI automation efficiency.

    As well as increasing deployment speed, AI introduces more infrastructure
    that companies are still getting to grips with. More than ever, they are wrestling with security failures and oversights that stem from how code is written or how their infrastructure is configured rather than external
    actors.

    These issues are more pronounced at larger organizations. Large enterprises with 10,000+ employees averaged 57 incidents in 2025, nearly 40% above the mean of 40. It's clear that investing in defenses is not the main tactic a modern security strategy can rest on.

    Establishing accountability

    Strong security postures require processes as much as sophisticated tooling. Reinforcing defenses should obviously remain a priority, but shifting some of the focus towards budget allocation and team structure is an effective way to remain resilient.

    Software development has likely changed for good, meaning organizations need to fundamentally rethink their processes and organizational structure.

    Only 37% of organizations have shifted security responsibilities towards platform engineering or DevOps at this stage despite the prevalence of incidents related to bugs and misconfigurations.

    Centralized security teams that concentrate primarily on the perimeter are
    too far removed from where risk is created. Bringing security closer to software decision-making is a necessary step for any company looking to scale their outputs to keep up with increasing AI-driven competition.

    In practice, this means security should have oversight earlier in the
    software development process, not just at the point of post-build reviews.

    Clear accountability further reduces the risk of response being slowed when incidents inevitably occur.

    Over half (51%) of AI-first businesses - those making AI a core part of their operations - are unsure about who handles incident response, but these businesses are the most exposed. Defining ownership, identity governance and escalation paths before deployment sets teams up to bounce back quickly when incidents hit.

    Secure by design in the AI era

    I have always advocated for a secure by design approach to minimize risk. Baking security early into projects an organization embarks on is what makes for a strong security posture. This approach encourages security teams to make systems and coding environments more secure rather than relying on individual employees to get everything right the first time.

    AI has changed the complexion of secure by design. Speed-to-market is prioritized over building resilience into systems at 72% of organizations, with accelerated software deployment cycles now amplifying the chance of something going wrong no matter what security tooling they have invested in.

    Security architects and executives should have a seat at the table when decisions are being made about how to implement AI. AI systems themselves are becoming vectors through which businesses can be exposed, so should be
    treated as privileged infrastructure requiring access control and monitoring from day one.

    The results of this approach are clear for many already. Eighty-one percent
    of organizations that made resilience investments last year say they managed to safely accelerate innovation.

    Done correctly, security by design shouldn't be a burden on software teams. It should enable them to work with confidence and keep their business out of the wrong kind of headlines.

    Build fast without breaking

    There is a significant opportunity for businesses scaling their software development to get ahead of the competition by recognizing software errors as a threat on par with external attackers.

    Organizations that bolt on tools and silo their security teams from the rest of the business are more likely to accumulate risks and be left fighting fires. A secure by design approach fit for the modern age will allow businesses to create distance from their peers.

    This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



    ======================================================================
    Link to news story: https://www.techradar.com/pro/why-software-defects-are-now-the-biggest-security-threat


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)