"82% of Public Sector Applications Contain Security Flaws"

Security researchers at Veracode have discovered that more than four-fifths (82%) of public sector applications have security flaws, the highest proportion of any industry. The researchers also found that, once flaws are detected, the public sector takes around twice as long to fix them as other industries. In addition, 60% of flaws in third-party libraries in the public sector remain unfixed after two years. This is double the time frame of other industries and 15 months behind the cross-industry average. The researchers analyzed data collected from 20 million scans across half a million applications in the public sector, manufacturing, financial services, retail & hospitality, healthcare, and technology. The public sector also had the joint lowest vulnerability fix rate of all industries, at 22%. The researchers stated that the findings suggest that public sector entities are particularly vulnerable to software supply chain attacks like SolarWinds and Kaseya, which could lead to disruptions and critical data being compromised. The researchers noted that public sector organizations have made significant improvements in tackling high-severity flaws, which is encouraging. According to the analysis, high-level flaws appear in only 16% of public sector applications, and the total number has decreased by 30% in the past year.

 

Infosecurity reports: "82% of Public Sector Applications Contain Security Flaws"

Submitted by Anonymous on