TECH NEWS

The patching treadmill: Why traditional application security is no longer enough

https://www.zdnet.com/a/img/resize/fa3796e9df411cb45f72768e2fb46293192c82eb/2026/05/11/26f0a7cf-d9e0-4ff5-9799-f6c7bdd32d02/gettyimages-1345559764.jpg?auto=webp&fit=crop&height=675&width=1200

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

  • Continuous deployment makes old security models feel obsolete.
  • Vulnerability backlogs are overwhelming development teams.
  • Application security needs to move toward code creation.

For all the time I've spent exercising on treadmills, I've always found them faintly demoralizing. You thump-thump-thump over and over again, but get nowhere. It's a lot of effort. You always work up a bit of a sweat, but ultimately feel unfulfilled. This feeling is reinforced the next day, when you have to do it all over again.

In many ways, application security is like that treadmill. Once the coding is done, security teams (or customers) find flaws. Scanning tools also find flaws, often resulting in reports that seem never-ending. Coders are constantly yanked away from new development to re-learn what they wrote, locate bugs, patch them, and release fixes.

Also: 77% of IT...

Copyright of this story solely belongs to zdnet.com. To see the full text click HERE

Read more

https://cdn.arstechnica.net/wp-content/uploads/2026/06/GettyImages-1987915833-1152x648.jpg

Streaming services must comply with a California law that bans playing ads louder than the content being watched from July 1, but its implementation is unclear

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.