/aug 22, 2022

Financial Services Organizations Have Fewer Security Flaws in Applications

By Veracode

According to our most recent State of Software Security Report, the financial services industry has fewer security flaws in its applications than last year. Great news, right?  

Graphical user interface, website</p> <p>Description automatically generated

That said, the reduction in security flaws isn’t as significant as we would hope to see. The financial services industry has traditionally been recognized for having the least amount of security flaws. This year, however, the manufacturing industry has dethroned financial services with an average of 72 percent of applications containing a security flaw.  

Financial services organizations also have more high-severity flaws, 18 percent, and a slower fix rate, 22 percent, than most industries.  

  

But take a look at the time it takes the financial services industry to remediate flaws found by static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA). When security flaws are found, financial organizations move faster than most to make sure they’re remediated. In fact, when it comes to fixing security flaws discovered by SCA, after the first year, the financial services industry addresses vulnerable libraries about a month faster than the cross-industry average. 

A picture containing graphical user interface</p> <p>Description automatically generated

There are several reasons that the financial services industry might prioritize open-source flaws. Industry regulations like the General Data Protection Regulation (GDPR) and the New York State Department of Financial Services (NYSDFS) mandate security controls on open-source usage. It could also be the result of security requirements put into place by The White House Executive Order on Improving the Nation’s Cybersecurity. Regardless, the financial services industry should keep up their diligent work with flaw remediation and work to improve the number of flaws introduced into its codebase. 

To learn more about the State of Software Security Report and how financial services organizations stack up against other industries, please check out our infosheet, State of Software Security Report: Financial Services. You can also check out a video of the findings here

Related Posts

/01 apr, 2024

Veracode Advances Cloud-Native Application Security with Longbow Acquisition

By Brian Roche

Learn More
/28 mar, 2024

Veracode Customers Shielded from NVD Disruptions

By Nova Trauben

Learn More
/27 mar, 2024

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

By Robert Haynes

Learn More
By Veracode

By embedding into your existing software development workflow, Veracode ensures that security assessments and vulnerability remediations are completed during logical points throughout your development cycle.