According to our most recent State of Software Security Report, the financial services industry has fewer security flaws in its applications than last year. Great news, right?
That said, the reduction in security flaws isn’t as significant as we would hope to see. The financial services industry has traditionally been recognized for having the fewest security flaws. This year, however, the manufacturing industry has dethroned financial services, with an average of 72 percent of applications containing a security flaw.
Financial services organizations also have more high-severity flaws (18 percent) and a slower fix rate (22 percent) than most industries.
But take a look at the time it takes the financial services industry to remediate flaws found by static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA). When security flaws are found, financial organizations move faster than most to make sure they’re remediated. In fact, when it comes to fixing security flaws discovered by SCA, after the first year, the financial services industry addresses vulnerable libraries about a month faster than the cross-industry average.