The Intractable Problem of Insecure Software
- More than 8 in 10 software applications fail security tests
- Now Including Mobile App Data!
If your business has anything worth protecting, be it money, intellectual property or a trusted reputation, you need to be concerned about the security of software embedded in your organization. These sentiments, voiced by Veracode CTO Chris Wysopal, highlight the fast-growing software threat landscape in which companies operate today.
Check out our semi-annual analysis of the common coding flaws in software applications. See benchmarks by industry and more.
1. Application security performance declines steeply when the current threat landscape is taken into account in the evaluation criteria
2. Vulnerabilities that can lead to remote code execution and backdoor functionality are found to be far more prevalent in commercial software
3. Cross-site Scripting and SQL Injection were found to affect a higher percentage of Government applications than applications in other industry sectors; the SQL Injection trend is flat there while declining in the overall dataset
4. A sizable proportion of Android applications were found to contain hard-coded cryptographic keys
5. Independent security verification of third-party software is being carried out by multiple industry segments
6. Greater knowledge of application security is associated with improved security quality scores
7. Development agility and application security are not mutually exclusive
- Veracode State of Software Security Report Finds Eight Out of 10 Applications Fail to Meet New Security Standards