Security flaws prevalent in applications produced by software vendors

Secure development is the key to a secure application

Three out of four applications produced by software vendors fail to meet the Open Web Application Security Project (OWASP) Top 10 standards when initially assessed for security, with over 60% of internally developed applications also failing to achieve compliance.

That's according to research from application security firm Veracode, which has recently published its "How do vulnerabilities get into software" report. The report continues to attribute application vulnerabilities to faults present within the development process, which are consequently exacerbated and capitalised on by an ever-shifting threat landscape.

Exponential demand resulting from heavy reliance on software applications in the modern enterprise is creating a problem for development teams both in-house and within vendor companies. 

Pressure is constantly building for developers to produce functional code at a faster and faster rate. As functionality and speed are prioritised, security requirements are pushed back. In the worst cases, they are forgone entirely, with Veracode's report stating that 30% of companies don't scan for vulnerabilities at any point during code development.

Vulnerable components of code are then likely to be reused, as it's common practice to incorporate reusable, pre-built software components when constructing new applications. It can be difficult to pinpoint all the applications in which a risky component is embedded, leaving countless applications vulnerable.

For organisations continuing to pursue their digital transformations, the applications which are becoming increasingly integral to core business processes have the unfortunate power to bring operations to a standstill.

Presented with IT networks debilitated by deeply embedded flaws, it's no surprise that cybercriminals are finding new ways to breach applications just as fast as developers are finding new ways of protecting them. Added to this is the increased reliance on software applications, which gives cybercriminals more scope for success in their attacks simply because they have more applications to target.

As multiple factors feed this insidious trend, there is no quick fix to reverse it. The threat landscape will not stop evolving, but cybercriminals' success can be stunted by positioning security as a top business priority, integrating security with the development process, and giving developers the time and resources necessary to constantly test and fix issues as they arise. This would encourage the introduction of secure coding practices, going a long way towards reducing vulnerabilities and strengthening security.
