Security flaws prevalent in applications produced by software vendors

Secure development is the key to a secure application


Three out of four applications produced by software vendors fail to meet the Open Web Application Security Project (OWASP) Top 10 standards when initially assessed for security, with over 60% of internally developed applications also failing to achieve compliance.

That's according to research from application security firm Veracode, which has recently published its "How do vulnerabilities get into software" report. The report goes on to attribute application vulnerabilities to faults present within the development process, which are consequently exacerbated and capitalised on by an ever-shifting threat landscape.

Exponential demand resulting from heavy reliance on software applications in the modern enterprise is creating a problem for development teams both in-house and within vendor companies. 

Pressure is building constantly for developers to construct functional code at a faster and faster rate. As functionality and speed are prioritised, security requirements are pushed back. In the worst cases, they are entirely forgone, with Veracode's report stating that 30% of companies don't scan for vulnerabilities during code development at any point.

Vulnerable components of code are then likely to be reused, as it's common practice to incorporate reusable, pre-built software components when constructing new applications. It can be difficult to pinpoint all the applications where a risky component is engrained, leaving literally countless applications vulnerable.

For organisations continuing to pursue their digital transformations, the applications which are becoming increasingly integral to core business processes have the unfortunate power to bring operations to a standstill.

With IT networks debilitated by deeply embedded flaws, it's no surprise that cybercriminals are finding new ways to breach applications just as fast as developers are finding new ways of protecting them. Added to this is the increased reliance on software applications, which gives cybercriminals more scope for success in their attacks simply because they have more applications to target.


As multiple factors feed this insidious trend, there is no quick fix to reverse it. The threat landscape will not stop evolving, but cybercriminals' success can be stunted by positioning security as a top business priority, integrating security with the development process, and giving developers the time and resources necessary to constantly test and fix issues as they arise. This would encourage the introduction of secure coding practices, going a long way towards reducing vulnerabilities and strengthening security.
