Veracode releases latest State of Software Security report

Veracode’s latest State of Software Security report (SoSS) has revealed retail is faster than most industries when it comes to addressing common vulnerabilities found in software. The global report found retail is second only to healthcare in its speed of shutting down flaws, which reduces risk exposure.

However, two thirds (66%) of current applications used by retailers are at risk from information leakage attacks, in which an application reveals sensitive data that can be used by an attacker to exploit the target web application, its hosting network or its users. The retail sector reported the third-most information leakage issues behind the technology and financial services industries.

Veracode’s report also investigated flaw persistence, or how long a flaw lingers after first being discovered. The report showed healthcare and retail are reducing their risk the fastest, with the retail sector remediating a quarter of vulnerabilities in 14 days and 50% of flaws in 64 days. In fact, retail outpaces the average speed of fix at every interval across all industries, meaning the sector remains consistent with its urgency in closing vulnerabilities.

Even as it is making strides to reduce risk, retail recorded the highest amount of code quality flaws of all verticals at 65%. Code quality is the third most common vulnerability category in all industries, following information leakage and cryptographic issues, suggesting this is an industry-wide dilemma with developing quality code.

“In the wake of GDPR, it’s vital that retailers have visibility into risk associated with code flaws,” said Paul Farrington, Director of EMEA and APJ at Veracode.

“With the busy holiday shopping season arriving, vulnerabilities in applications can allow attackers seeking sensitive information such as consumer payment data a way in. Many retailers are showing an aptitude for remediating flaws quickly to help improve security and protect their high value information. This is promising, yet the persistence and prevalence of vulnerabilities that continues to plague retailers calls for both increased speed of fix and better prioritising which flaws to fix first.”

About Veracode

Veracode is a leader in helping organisations secure the software that powers their world. Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers.

Its complete set of offerings helps customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets, whether that’s software they make, buy or sell.

www.intelligentciso.com | Issue 08