Virtualization Technology News and Information
Article
RSS
New Black Duck Research Finds High-Risk Sectors Riddled with Critical Vulnerabilities
Black Duck Software, Inc. ("Black Duck") announced the publication of the "2024 Software Vulnerability Snapshot" report highlighting various industries' unique challenges and approaches to addressing software vulnerabilities. The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by Black Duck on approximately 1,300 applications across 19 industry sectors from June 2023 to June 2024, found significant variations in vulnerability types and remediation practices.  

The findings provide insights into the current state of security for web-based applications and systems, and the potential impact of security vulnerabilities on business operations in high-risk sectors such as Finance, Insurance, and Healthcare.  Notably, the report identified that the Finance and Insurance sector had the highest number of critical vulnerabilities (1,299), and the Healthcare and Social Assistance sector had the second-highest (992) within the data set.

Of the 96,917 total vulnerabilities identified, the two most critical categories were cryptographic failures (weaknesses in how an application secures sensitive information), with over 30,000 instances, and injection vulnerabilities (when malicious code tricks an application into executing unintended actions or accessing data without proper authorization), with just over 4,800 instances. Both pose significant threats to data across all industries, and potential breaches could lead to the theft of personally identifiable information (PII), financial data, and medical records, resulting in severe financial losses and reputational damage. 

Additionally, the report found that there's no one-size-fits-all timeline for remediation approaches. In fact, there's significant variance when it comes to the mean time to remediate (MTTR) across industries, with stringent regulations forcing Finance and Insurance to move quicker (28 days for smaller/lower complexity web assets), compared to the Utilities sector, which had the longest time to close (107 days for smaller/lower complexity web assets). This is likely due to the sector operating on legacy systems that are difficult to patch and update.

Operational disruptions pose a large business risk, no matter the industry. The research found that widespread security misconfigurations (98% of applications affected) threaten business continuity and service availability.

"The high number of vulnerabilities found from the past year is a clear wake-up call that businesses cannot remain stagnant when deploying new security measures," said Jason Schmitt, CEO, Black Duck. "The longer it takes for an organization to patch a vulnerability, the larger the chance of exploitation. Software risk equates to business risk, and with today's malicious actors being more sophisticated than ever, it's increasingly important that businesses across every sector build trust in their software by implementing a comprehensive and integrated approach."  

To learn more, download a copy of the "2024 Software Vulnerability Snapshot" report
Published Tuesday, November 12, 2024 10:57 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567