Intelligent CISO Issue 68 | Page 61

Veracode reveals automation and training are key drivers of software security for financial services

Veracode, a leading global provider of intelligent software security, has released new research that unveils the key factors influencing flaw introduction and accumulation in the Financial Services sector. The security performance of financial applications generally outperforms that of other industries, with automation, targeted security training and scanning via Application Programming Interface (API) contributing to a year-over-year reduction in the percentage of applications containing flaws.

Against a backdrop of major regulations impacting the financial services sector, including the US Securities and Exchange Commission cybersecurity disclosure rules and the EU Digital Operational Resilience Act (DORA), Veracode’s study provides recommendations to reduce risk from software vulnerabilities. While nearly 72% of applications in the Financial Services sector contain security flaws, this is the lowest of all industries analysed and an improvement since last year.
“Financial Services made a strong showing across the board in this year’s analysis,” said Chris Eng, Chief Research Officer at Veracode. “Increasing competition and customer expectations, combined with tighter regulations across the industry, have put greater pressure on developers and security teams to find and fix flaws at scale. Moreover, the explosion of AI and Machine Learning has pushed the pace of software development to a new level, leading to the hyperproliferation of flaws. The sector has done well to better its performance, but there is more to be done and financial organisations would benefit from increased automation and secure coding techniques to help them prevent, detect and respond to vulnerabilities faster than ever.”
API scanning and training lower the likelihood of flaw introduction and the number of flaws introduced
Veracode’s research found that Financial Services organisations see stronger effects from the positive elements of scanning via API and security training, compared with the cross-industry average. Scanning via API is a measure of maturity in a software security program, and enterprises that integrate API usage likely have greater automation and control over the development pipeline. In fact, those that leverage scanning via API perform 11% better than the baseline probability for non-financial organisations when it comes to flaw introduction per month. Adding interactive security training into the mix reduces this further, with the two factors combined lowering the chance of flaw introduction by 19% per month.
The impact of scanning via API and security training on the number of flaws introduced, when flaws are introduced at all, is even more pronounced. When Financial Services teams completed 10 interactive security training modules, they introduced 26% fewer flaws, putting the sector’s performance well above the all-industry average. Similarly, launching scans via API had a stronger influence on the number of flaws introduced in Financial Services applications than in other industries.
The power of AI and ML
The State of Software Security report also analysed language preference by vertical and found that, at 51%, Java is almost a de facto standard within the Financial Services sector. Veracode Fix, an AI-powered remediation tool launched earlier this year, leverages Machine Learning to generate fixes for 74% of Java static findings. Such a dramatic reduction in time and effort empowers organisations to improve security posture and lower risk even further, freeing up capacity for innovation and creation.