How fast is the financial industry fixing its software security flaws?
2022-08-26 03:30

Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws.

In last year's report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year's study.

Despite having fewer flaws overall, the financial services sector ties with technology and government for the lowest proportion of flaws that are fixed.

"One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fix rate. Our research showed that security training can significantly improve remediation speeds, and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35 percent faster than those without such training," said Chris Eng, Chief Research Officer at Veracode.

Eng said, "The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry's relative speed in addressing vulnerable libraries discovered through software composition analysis."

With third-party components comprising as much as 90 percent of an application's codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.


News URL

https://www.helpnetsecurity.com/2022/08/26/financial-software-security-flaws/