59% of public sector apps carry long-standing security flaws
2024-05-30 04:00

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59% of applications in the public sector, compared to the overall rate of 42%. The research analyzed public sector organizations in more than 25 countries across the globe.

Veracode researchers found that while slightly fewer public sector organizations have security debt than other industries, they tend to accumulate more of it.

Even more concerning, 40% of public sector entities have persistent, high-severity flaws that constitute 'critical' security debt, which would put the confidentiality, integrity, and availability of businesses at serious risk if exploited.

"Two-thirds of all flaws in public sector organizations are either less than one year old or are not critical in severity. In addition, less than 1% of all flaws constitute critical security debt. By prioritizing that security debt with focused effort, organizations can achieve maximum risk reduction and then move to address non-critical flaws based on their risk tolerance and capabilities."

Security debt in the public sector is primarily concentrated in older apps.

According to the report, security debt in the public sector primarily affects first-party code, but most of the critical security debt comes from third-party dependencies.


News URL

https://www.helpnetsecurity.com/2024/05/30/public-sector-applications-security-debt/