"24% of Technology Applications Contain High-Risk Security Flaws"

In a new study, security researchers at Veracode found that tech firms, which have more applications to contend with than other industries, would benefit from implementing improved secure coding training and practices for their development teams. The researchers found that 24 percent of applications in the technology sector contain security flaws that are considered high risk, meaning they would cause a critical issue for the application if exploited. They noted that organizations whose developers had completed just one lesson in their hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training. The technology industry has the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed. The researchers noted that tech firms are comparatively quick to fix software security flaws. However, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement. Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications. The researchers also noted that the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.

 

Help Net Security reports: "24% of Technology Applications Contain High-Risk Security Flaws"

Submitted by Anonymous on