Veracode, the largest global provider of application security testing (AST) solutions, today released findings revealing that the financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.
The findings came as a result of Veracode’s State of Software Security Volume 11, which analyzed 130,000 applications from 2,500 companies. The research found that financial services organizations have the smallest proportion of applications with flaws and the second-lowest prevalence of severe flaws behind the manufacturing sector.
It also has the highest fix rate among all industries, fixing 75% of flaws. Still, the research found that financial services firms require about six and a half months to resolve half of the flaws they find, indicating it is slower than other industries to remediate.
Read More: GlobalFintechSeries Interview with RJ Horsley, President of SpotOn Transact, Inc
“Financial services firms have a median time to remediation of more than six months, despite having a high fix rate compared to other sectors,” said Chris Wysopal, Chief Technology Officer at Veracode. “However, developers in the financial services industry are often limited by the nature of the environments they are working in, as applications tend to be older, have a medium flaw density, and aren’t consistently following DevSecOps practices compared to other industries. With some additional training and sticking to best practices, they can quickly remediate issues and start to reduce security debt.”
Read More: Covid-19’s Impact on the Future of Payments and Retail Will Be Far Reaching
