Press releases

The healthcare industry leads in software security vulnerability fix rate

Veracode, a leading global provider of application security testing solutions, today reveals that the healthcare industry ranks first in the proportion of software security vulnerabilities that are fixed, at 27%. The sector overtook financial services as the top performer, demonstrating that healthcare providers have made good progress towards increasing the security of their software over the past year.

The data was published in the company's annual State of Software Security (SoSS) report v12, the result of the analysis of 20 million scans across half a million applications across healthcare, finance, technology, manufacturing, distribution and government.

Chris Eng, Head of Research at Veracode, said: “Healthcare is one of the most highly regulated sectors and is considered a critical infrastructure by the government. It is therefore encouraging to see this relatively positive behavior in terms of general vulnerability fixes. We hope that developers and IT staff in the healthcare industry see it as a welcome positive in the world of software security, which is too often not very encouraging. There is still work to be done, so we look forward to further improvements in the coming years.”

Despite taking first place for the percentage of vulnerabilities fixed, 77% of applications in the healthcare sector contain vulnerabilities, with a high level of severity in 21% of cases. The sector also has ample room for improvement in the time spent correcting vulnerabilities after their detection, with a staggering 447 days needed to reach the halfway point of remediation.

The costs associated with health sector breaches are the highest

As healthcare companies face the highest average cost per breach, which hit a new record of US$10.1 million*, it is essential to take proactive steps to minimize the risk of cyberattacks. As data breaches in highly regulated industries tend to be associated with higher long-term costs, which accumulate over the years, this segment could further benefit from even greater integrated efforts to address security right from the early stages of the software development lifecycle.

Among the 6 sectors analyzed, the healthcare sector is last in terms of the proportion of applications with vulnerabilities of any type, and second to last in terms of the percentage of vulnerabilities with a high level of severity, assessed on the basis of serious risk to the application and the organization in the event of an actual breach. When it comes to the types of vulnerabilities detected by dynamic application analysis in the industry, health service providers score well on authentication issues and insecure dependencies compared to other segments, but are subject to a higher incidence of issues with encryption and deployment configuration.

Chris Eng commented:

“We know that no application will be 100% secure against security vulnerabilities, so it is important that companies take all necessary steps to reduce the risks as much as possible; this includes scanning activities at a rapid and regular pace, with different types of tests, the integration of test tools into development environments, and hands-on training to help developers understand the source of vulnerabilities and fix them, or to avoid them altogether. The health sector should also focus particularly on the priority to be given to critical vulnerabilities, those that could have catastrophic consequences if they are not addressed for too long.”

Andrew McCall, Vice President of Engineering at Azalea Health Innovations, said: “The biggest obstacle to creating security in our workflows is that developers treat this as a simple component like any other, while it is a continuous process, which must always be a priority throughout the software development lifecycle. We chose Veracode because it is the simplest and most optimal solution for integration into our existing processes.”

The security level of third-party libraries

Taking into account the sharp rise in regulations protecting the software supply chain last year, the report analyzed third-party libraries to identify the behavior of vulnerabilities detected through software composition analysis (SCA). In all, about 30% of vulnerable libraries remain vulnerable after two years, but the figure falls to 25% in the case of the health sector. In fact, while the global percentage of libraries subject to vulnerabilities identified through SCA tends to decline steadily over time, the healthcare sector experienced a brief surge before a drastic reduction in this percentage, approximately in the last year.

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 report analyzed comprehensive historical data from Veracode's services and customers. This covers a total of over half a million applications (592,720) for which all types of scans were used, over one million dynamic analysis scans (1,034,855), over five million static analysis scans (5,137,882) and over 18 million software composition analysis scans (18,473,203). All these scans generated 42 million raw static results, 3.5 million raw dynamic results, and 6 million raw SCA results.

The data represents companies large and small, commercial software vendors, external software vendors, and open-source projects. In most analyses, an application was counted only once, even if it had been submitted several times to fix its vulnerabilities and new versions had been uploaded.

Information about Veracode

Veracode is a leading AppSec partner for building secure software, reducing the risk of security breaches, and making security and development teams more productive. Companies that rely on Veracode, therefore, can promote their business and move the world forward. By combining process automation, integrations, speed, and responsiveness, Veracode helps organizations get accurate, reliable results so they can focus their efforts on fixing, not just finding, potential vulnerabilities.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may also be filed in other jurisdictions. All other product names, trademarks or acronyms belong to their respective owners. All other trademarks mentioned in this press release are the property of their respective owners.
