The Public Sector Has the Highest Proportion of Security Flaws of Any…

We recently launched the 12th annual edition of our State of Software Security (SOSS) report. To draw conclusions for the report, we examined the entire history of active applications. For the public sector data, we took the same approach. We examined the entire history of applications for government agencies and educational institutions.

We found that the public sector has the highest proportion of security flaws of any industry. On average, most industries have flaws in approximately 76 percent of their applications – but that number is 8 percent higher for the public sector at 82 percent.

As you’ll see in the figure above, the public sector also has a lower-than-average proportion of flaws actually fixed, and it takes significantly longer to remediate flaws.

Let’s dig a bit deeper into the remediation of open-source flaws. Remediating open-source flaws appears to take a while for every industry. In fact, for most industries, 30 percent of vulnerable libraries remain unresolved after two years. But for the public sector, that statistic doubles to almost 60 percent.

Public sector SOSS SCA

The high proportion of flaws and slow fix rate could be attributed to the public sector’s continued use of legacy software or a lack of proper funding for application security. But it cannot be ignored that the public sector is making an effort to prioritize high-severity flaws.

The number of high-severity flaws has decreased by 30 percent in the last year alone. Is this the result of the Executive Order outlining security requirements for vendors selling software to the US government? Are increased threats from remote operations and Covid-19 causing the public sector to keep a closer eye on high-severity flaws? It’s hard to say. But we do know that prioritizing the fix of high-severity flaws is a step in the right direction for the public sector.

The public sector also has a lower-than-average proportion of flaws in two of its three most popular programming languages, Java and JavaScript. Most industries have flaws in approximately 44.3 percent of their Java applications, but the public sector has flaws in only one-third of its Java applications. For JavaScript, most industries have flaws in approximately 13.8 percent of their applications, but the public sector is slightly lower at 10.2 percent.

Public sector SOSS Java

Public sector SOSS JavaScript

To learn more about our findings, please check out our video and infosheet, The State of Software Security Industry Snapshot.
