Veracode releases latest State of Software Security report

Veracode's latest State of Software Security report (SoSS) has revealed that financial services is one of the slowest industries when it comes to addressing common vulnerabilities found in software.

A significant 67% of current applications used by banks are at risk from information leakage attacks, wherein an application reveals sensitive data that can be used by an attacker to exploit a web application or its users. This is worrying given the IT outages occurring within the global financial services industry.

"Since financial institutions and banks hold highly valuable information and critical assets, they will continue to be a target of cybercriminals and malicious hacking," said Paul Farrington, Director of EMEA and APJ at Veracode.

The global report found financial services companies took 29 days to address a quarter of their vulnerabilities in coding and over a year – 573 days – to remediate all open vulnerabilities. The sector also ranked second to last of all sectors in terms of speed to complete flaw remediation.

In spite of this, Veracode's report did reveal that the largest population of applications scanned came from the financial vertical. While financial organisations tend to have the reputation of having some of the most mature overall cybersecurity practices, Veracode's data shows they struggle like the rest to stay on top of application security.

Even though the financial sector is prolific at testing (it tests almost as many apps as the technology sector), it is still slow in responding to open vulnerabilities. Additionally, the banking sector addresses the first half of its open flaws slowly, but it starts to pick up speed once it passes the halfway point.

The industry ranked second to last among the major verticals for latest-scan OWASP pass rate, and based on the flaw persistence analysis chart, it is leaving coding flaws to linger longer than other industries.

"Our data shows the financial services sector scanning a huge volume of applications and finding flaws that need fixing. While that is encouraging, the next frontier is achieving greater speed in fixing those flaws because speed matters. The speed at which organisations fix flaws they discover in their code directly mirrors the level of risk incurred by applications. The sector should consider all dimensions of risk to prioritise which flaws to fix first."

www.intelligentciso.com | Issue 11