Tuesday, December 13, 2011

State of Software Security Report - Volume 4 (December 2011)

The Intractable Problem of Insecure Software

- More than 8 in 10 software applications fail security tests
- Now Including Mobile App Data!

If your business has anything worth protecting, be it money, intellectual property or a trusted reputation, you need to be concerned about the security of software embedded in your organization. These sentiments, voiced by Veracode CTO Chris Wysopal, highlight the fast-growing software threat landscape that companies are operating in today.

Check out our semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode’s cloud-based application risk management services platform. Register now to read the latest research findings!

Check out our semi-annual analysis of the common coding flaws in software applications. See benchmarks by industry and more.

Executive Summary
The following are some of the most significant findings in the Veracode State of Software Security Report, Volume 4, representing 9,910 application builds assessed in the last 18 months by Veracode on our cloud-based application security platform.
1. Application security performance declines steeply when the current threat landscape is taken into account in the evaluation criteria
2. Vulnerabilities that can lead to remote code execution and backdoor functionality are found to be far more prevalent in commercial software
3. Cross-site Scripting and SQL Injection were found to affect a higher percentage of Government applications than of applications in other industry sectors; their SQL Injection trend is flat, while it is declining in the overall dataset
4. A sizable proportion of Android applications were found to contain hard-coded cryptographic keys
5. Independent security verification of third-party software is being carried out by multiple industry segments
6. Greater knowledge of application security is associated with improved security quality scores
7. Development agility and application security are not mutually exclusive


Related link:
- Veracode State of Software Security Report Finds Eight Out of 10 Applications Fail to Meet New Security Standards
