Security flaws prevalent in applications produced by software vendors

Secure development is the key to a secure application

Three out of four applications produced by software vendors fail to meet the Open Web Application Security Project (OWASP) Top 10 standards when initially assessed for security, with over 60% of internally developed applications also failing to achieve compliance.

That's according to research from application security firm Veracode, which has recently published its How do vulnerabilities get into software report. The report continues to attest application vulnerabilities to faults present within the development process, which are consequently exacerbated and capitalised on by an ever-shifting threat landscape. 

Exponential demand resulting from heavy reliance on software applications in the modern enterprise is creating a problem for development teams both in-house and within vendor companies. 

Pressure is building constantly for developers to construct functional code, at a faster and faster rate. As functionality and speed are prioritised, security requirements are pushed back. In the worst cases, they are entirely foregone, with Veracode's report stating that 30% of companies don't scan for vulnerabilities during code development at any point. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Vulnerable components of code are then likely to be reused, as it's common practice to incorporate reusable, pre-built software components when constructing new applications. It can be difficult to pinpoint all the applications where a risky component is engrained, leaving literally countless applications vulnerable.

For organisations continuing to pursue their digital transformations, the applications which are becoming increasingly integral to core business processes have the unfortunate power to bring operations to a standstill.

Presented with IT networks debilitated by deeply embedded flaws, it's no surprise that cybercriminals are finding new ways to breach applications just as fast as developers are finding new ways of protecting them. Added to this is the increased reliance on software applications, providing cybercriminals with more scope for success in their attacks as simply they have more applications to target.

Related Resource

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

As multiple factors feed this insidious trend, there is no quick fix to reverse it. The threat landscape will not stop evolving, but cybercriminals success can be stunted by positioning security as a top business priority, integrating security with the development process, and giving developers the time and resources necessary to constantly test and fix issues as they arise. This would encourage the introduction of secure coding practices, going a long way towards reducing vulnerabilities and strengthening security.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020