
24 Percent of Technology Applications Have High-risk Security Vulnerabilities

With a larger portfolio of applications to secure than most other industries, technology firms stand to benefit from improving secure coding training and practices for their development teams. According to Veracode, 24 percent of applications in the technology sector contain high-risk security flaws, that is, flaws that would cause a critical issue for the application if exploited.

“Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.

The technology industry was found to have the second-highest proportion of applications with security flaws, at 79 percent, trailing only the public sector (82 percent). On the proportion of flaws actually fixed, the technology sector ranks in the middle of the pack.

The industry still takes up to 363 days to fix 50 percent of its flaws, indicating that there is plenty of room for improvement.

Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus.”

He continued, “To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”

The most common types of flaws discovered by dynamic analysis of technology applications are server configuration, insecure dependencies, and information leakage, a pattern broadly similar to that of other industries.

In contrast, the sector shows its largest gap from the industry average for cryptographic issues and information leakage, a gap in the sector's favor, which may indicate that developers in the tech industry are more knowledgeable about data security challenges.