Government organizations fail at software security, fixing only 27 percent of vulnerabilities after detection, according to Veracode’s 2015 State of Software Security report.
Government organizations rank dead last in remediating software vulnerabilities, the benchmarking report revealed. Healthcare, retail, and hospitality sectors fare only slightly better. However, government software applications were found to have the most frequent occurrence of SQL injection vulnerabilities, which are used to steal data.
“As organizations increasingly rely on software to drive their businesses, the threat surface available to cyberattackers has dramatically expanded. As a result, one of the leading causes of data breaches over the past two years has been vulnerable applications, according to Verizon’s 2015 Data Breach Investigations Report. Yet, analytics collected from more than 200,000 application risk assessments over the last 18 months found a wide disparity in how the problem is addressed across industries,” commented Veracode.
Veracode attributed much of the government security trouble to outdated programming language that is more susceptible to vulnerabilities.
By comparison, the financial services and manufacturing sectors performed significantly better than other fields, with 65 percent and 81 percent of vulnerabilities addressed and remediated, showing more awareness and emphasis on cyber risk management.
For healthcare organizations, the picture is bleaker, noted Veracode.
“Given the large amount of sensitive data collected by healthcare organizations, it’s concerning that 80 percent of healthcare applications exhibit cryptographic issues such as weak algorithms upon initial assessment,” the firm said. “In addition, healthcare fares near the bottom of the pack when it comes to addressing remediation, with only 43 percent of known vulnerabilities being remediated.”
Veracode noted that organizations in every industry that used remediation services prior to a security problem ultimately fared better.