70% of apps contain at least one security flaw after 5 years in production
2023-01-13 04:00

The report found that flaws build up over time: 32% of applications have flaws at the first scan, and by the time they have been in production for five years, 70% contain at least one security flaw.

After the initial scan, apps quickly enter a 'honeymoon period' of stability, and 80% do not take on any new flaws at all for the first 1.5 years.

The study found that developer training, use of multiple scan types, including scanning via API, and scan frequency are influential factors in reducing the probability of flaw introduction, suggesting teams should make them key components of their software security programs.

Top flaws in apps vary by testing type, highlighting the importance of using multiple scan types to ensure hard-to-identify flaws aren't missed.

The remediation curve must fall earlier and faster because an application will have accumulated flaws by the time it is two years old.

Whether through increasing complexity from years of steady growth or diminishing focus on application development, this trend continues upwards, meaning there is a 90% chance an application will contain at least one flaw by the 10-year mark.


News URL

https://www.helpnetsecurity.com/2023/01/13/apps-security-flaws-production/