Businesses have been given another wake-up call when it comes to the need to keep their apps properly updated (opens in new tab).
New research from security firm Veracode found that fixing a typical application security flaw takes around six months, meaning organisations could find themselves open to attack for longer than expected.
In many cases, the company found that there is little security teams can do to mitigate such issues, leaving businesses vulnerable unless they up their protection significantly.
- Here's our list of the best web hosting services (opens in new tab)
- The best endpoint protection software (opens in new tab) for your business
- Check out our roundup of the best online cybersecurity courses (opens in new tab)
Overall, Veracode analysed 130,000 applications and found more than three quarters (76%) had at least one security flaw. However, only 24% were found to have high-severity flaws, meaning they posed a major risk to operations.
Open-source flaws were found to be the fastest-rising concern for businesses, showing that there is work to be done across the technology industry to cut down on such vulnerabilities. 70% of applications were found to inherit at least one security flaw from their open source libraries, with Veracode's report also finding that 30% of applications have more flaws in their open source libraries than in the code written in-house.
“The goal of software security isn’t to write applications perfectly the first time, but to find and fix the flaws in a comprehensive and timely manner,” said Chris Eng, Chief Research Officer at Veracode. “Even when faced with the most challenging environments, developers can take specific actions to improve the overall security of the application with the right training and tools.”
The report advised businesses concerned about their security practices to ensure they up their scanning processes, as frequently scanning applications and faster remediation times can make all the difference to keeping an organisation safe. On the human side, Veracode advised companies to ensure their security teams are equipped with the necessary tools and resources needed, so that the "security debt" found in many organisations does not end up spelling disaster.
- And here's our list of the best data protection services (opens in new tab)