Government, Healthcare Particularly Lackluster In Application Security

Published: 22/11/2024   Category: security




Veracode's State of Software Security Report lays out industry-specific software security metrics.



Healthcare organizations and government agencies continue to struggle with application security, leaving as much as 73 percent of their identified vulnerabilities unremediated in some instances, according to a new study.
The silver lining is that across industries, the work of reducing risk in software is accelerating and many organizations are making headway in fixing their software flaws, according to the new State of Software Security Report released by Veracode today.
"It may be tempting in the face of repeated breaches--OPM, Target and Sony--to throw up one's hands, not to bother building secure applications, and to give up on fixing vulnerabilities in the applications you've already deployed," says Chris Wysopal, CTO and CISO of Veracode, in the report. "The data in this report clearly shows that, by addressing the problem systematically and at scale, enterprises can significantly reduce application risk."
In the wake of the OPM breach, it probably won't come as a surprise to many that government organizations fare the worst in many key metrics of application security. For example, only 24 percent of government applications pass OWASP Top 10 compliance upon their first assessment, a rate that's half that of the financial services industry. And only 27 percent of government flaws identified in an initial assessment are fixed in subsequent assessments, compared to 81 percent for manufacturing and 65 percent for financial services.
Healthcare also fared poorly in several key areas. For example, only 43 percent of known vulnerabilities are remediated by healthcare organizations. And most troubling, 80 percent of healthcare applications exhibit cryptographic issues such as weak algorithms. This is concerning given the sensitivity of health data and the push toward electronic health records.
Meanwhile, across all industries, Veracode found applications were suffering from software supply chain issues. It found that three-quarters of applications produced by third-party software vendors fail the OWASP Top 10 at initial assessment. That jibes with a study done last week by Sonatype conducted among 106,000 organizations, finding that many of the third-party and open source components that organizations lean on in the development process are not tracked and are embedded into enterprise software with known vulnerabilities. Approximately 59 percent of known vulnerabilities in these dependencies remain unfixed, according to Sonatype.
The positive news is that according to Veracode, headway is being made on application security issues, albeit gradually. The rate at which found vulnerabilities are fixed has increased by 10 percentage points across all industries since 2006, from 60 percent at that time to 70 percent now. 
