Security flaws prevalent in applications produced by software vendors

Secure development is the key to a secure application

Three out of four applications produced by software vendors fail to meet the Open Web Application Security Project (OWASP) Top 10 standards when initially assessed for security, with over 60% of internally developed applications also failing to achieve compliance.

That's according to research from application security firm Veracode, which has recently published its How do vulnerabilities get into software report. The report continues to attest application vulnerabilities to faults present within the development process, which are consequently exacerbated and capitalised on by an ever-shifting threat landscape. 

Exponential demand resulting from heavy reliance on software applications in the modern enterprise is creating a problem for development teams both in-house and within vendor companies. 

Pressure is building constantly for developers to construct functional code, at a faster and faster rate. As functionality and speed are prioritised, security requirements are pushed back. In the worst cases, they are entirely foregone, with Veracode's report stating that 30% of companies don't scan for vulnerabilities during code development at any point. 

Vulnerable components of code are then likely to be reused, as it's common practice to incorporate reusable, pre-built software components when constructing new applications. It can be difficult to pinpoint all the applications where a risky component is engrained, leaving literally countless applications vulnerable.

For organisations continuing to pursue their digital transformations, the applications which are becoming increasingly integral to core business processes have the unfortunate power to bring operations to a standstill.

Presented with IT networks debilitated by deeply embedded flaws, it's no surprise that cybercriminals are finding new ways to breach applications just as fast as developers are finding new ways of protecting them. Added to this is the increased reliance on software applications, providing cybercriminals with more scope for success in their attacks as simply they have more applications to target.

Related Resource

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

As multiple factors feed this insidious trend, there is no quick fix to reverse it. The threat landscape will not stop evolving, but cybercriminals success can be stunted by positioning security as a top business priority, integrating security with the development process, and giving developers the time and resources necessary to constantly test and fix issues as they arise. This would encourage the introduction of secure coding practices, going a long way towards reducing vulnerabilities and strengthening security.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Most Popular

Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
Hackers publish Bombardier data in wide-reaching FTA cyber attack
cyber attacks

Hackers publish Bombardier data in wide-reaching FTA cyber attack

24 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021