/apr 8, 2021

Technology Companies Have the Largest Proportion of Applications With High-Severity Flaws

By Hope Goslin

As a result of the worldwide pandemic, technology companies were forced to pivot to fully remote operations. For many organizations, this meant accelerating their digital transformation efforts.

But despite the investment in digital transformation efforts, there haven’t been enough investments in security measures. Our recent State of Software Security v11 (SOSS) report found that, when compared to other industries, the technology industry has the second-highest proportion of applications with security flaws and the highest proportion of applications with high-severity flaws. 

Given that the pandemic has incited an increase in cyberattacks, now is not the time to have vulnerable applications. Luckily, the technology industry is efficient when it comes to fixing flaws and managing its security debt. 

SOSS technology sector trends

If technology companies are looking to become even more efficient at fixing flaws and managing security debt, they should look at the nature of their applications and see if there are any attributes that can be improved through nurture. For example, our SOSS research uncovered that many technology applications are large and dated. Although those attributes can’t be easily changed, increasing scan cadence could have a very positive effect on application security health. In fact, the report found that a steady scan cadence can improve time to remediation by approximately 14 days.

But fix rate and time to remediation shouldn’t be the only concerns. It’s also crucial that technology organizations know what types of flaws are the most prevalent so that they can take proactive steps to prevent these flaws.

For technology, information leakage and cryptography issues seem to be the most rampant. This is likely due to the fact that technology companies collect and handle sensitive information. Our Software Security Flaw Heat Map gives tips for avoiding these flaws.

SOSS technology flaw types

But what else should the technology sector know about its application security health, and what other step can companies take to prevent a breach?

For more information on software security trends in the technology industry, check out The State of Software Security Industry Snapshot.

Related Posts

By Hope Goslin

Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.