58% of critical apps insecure

Written by John P Mello Jr on March 5, 2010 – 4:05 pm

The most prevalent vulnerability by overall frequency identified by the report is cross-site scripting (XSS).

Most software used by large companies in critical business applications is insecure, according to a report released by a company that tests programs for security vulnerabilities.

In a report titled “State of Software Security,” the company, Veracode, of Burlington, Mass., disclosed that when it first tested some 1,600 business-critical applications, 58 percent of them failed to achieve an acceptable security score.

The worst culprits were programs developed by companies for internal use. Failure rates for those applications were as high as 88 percent, the report said.

“Extrapolating from the application sample set, more than half of the software deployed in enterprises today is potentially susceptible to an application layer attack similar to that used in the recent Heartland or Google security breaches,” it noted.

The most secure software submitted to Veracode for testing originated with the financial industry or government sector. More than half the applications from those industries passed muster on their first go-round with testers, which placed them at the top of the list of 15 industries represented in the study’s data set.

The report also endorsed open source software as a viable option for businesses: the failure rate for open source programs, 39 percent, was on par with the 38 percent recorded for commercial software.

What’s more, security vulnerabilities were fixed far faster in open source programs than in the alternatives: 36 days for open source, compared with 48 days for internally developed software and 82 days for commercial applications.

In addition, open source programs contained the fewest flaws that could potentially serve as backdoors for attackers. “The relative absence of potential backdoors is apparent testimony to the positive effect of transparency in the Open Source community,” the report reasoned.
