Because technology companies arguably process a higher percentage of applications than other industries, they can benefit from implementing improved secure coding training and practices for their development teams. In fact, Veracode revealed that 24% of applications in the technology sector contain vulnerabilities considered high-risk.
“Expanding software security intuition by providing developers with hands-on experience of what it takes to find and exploit bugs in their code, and the potential impact of those bugs on their applications,” said Chris Eng, chief research officer at Veracode.
The technology industry has the second-highest share of applications containing security vulnerabilities, at 79%, just ahead of the public sector at 82%. When it comes to the percentage of bugs fixed, the technology sector falls in the middle.
Tech companies fix software vulnerabilities relatively quickly
Fortunately, when technology companies find bugs in their applications, they fix them relatively quickly. In fact, the sector boasts quick remediation times for vulnerabilities discovered through static analysis (SAST) and software composition analysis (SCA) security testing.
Even so, the industry has taken up to 363 days to fix 50% of its bugs, suggesting there is still plenty of room for improvement.
Eng adds: “This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which focus on the supply chain.”
He continued: “In order to improve performance in the coming year, tech companies must not only consider strategies that help developers reduce the rate at which vulnerabilities are included in code, but also place greater emphasis on auditing. Automated security audits during continuous integration/continuous delivery (CI/CD) to increase efficiency.”
Server configuration, insecure dependencies, and information leaks are among the most common categories of vulnerabilities discovered by dynamic scanning of technology applications, which often follows a similar pattern to other industries.
In contrast, this sector has the largest deviation from the industry average for cryptographic issues and information leaks, perhaps indicating that developers in the technology industry are more aware of data protection challenges.