to estimate how much money companies wasted because of these issues. Krasner, a retired University of Texas computer science professor and longtime expert on software quality issues, spent two months poring over industry data to compile the 45-page report. SolarWinds is only the most obvious of many security issues linked to bad software, the report found.
The "shift left" movement — which moves cybersecurity earlier in the software development process — is a game-changer, said Joe Jarzombek, director for government and critical infrastructure programs at report sponsor Synopsys. "It costs a whole lot less when we catch errors before there's a problem," Jarzombek told Business Insider.
In the past, cybercriminals chose a company to break into and searched for weaknesses in its network. Now they can search for known vulnerabilities using machine learning tools, and hit multiple companies with the issue. That has been the biggest change in cybercrime, Jarzombek said: Criminals methodically finding and exploiting software issues to conduct attacks such as ransomware.