Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services
Veracode, a leading global provider of intelligent software security, today released new research that unveils the key factors influencing flaw introduction and accumulation in the Financial Services sector. The security performance of financial applications generally outperforms other industries, with automation, targeted security training, and scanning via Application Programming Interface (API) contributing to a year-over-year reduction in the percentage of applications containing flaws.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231025298360/en/
Figure 6: Factors Influencing the Number of Flaws Introduced (Graphic: Business Wire)
Against a backdrop of major regulations impacting the financial services sector, including the U.S. Securities and Exchange Commission cybersecurity disclosure rules and the E.U. Digital Operational Resilience Act (DORA), Veracode’s study provides recommendations to reduce risk from software vulnerabilities. While nearly 72 percent of applications in the Financial Services sector contain security flaws, this is the lowest of all industries analyzed and an improvement since last year.
“Financial services made a strong showing across the board in this year’s analysis,” said Chris Eng, Chief Research Officer at Veracode. “Increasing competition and customer expectations, combined with tighter regulations across the industry, have put greater pressure on developers and security teams to find and fix flaws at scale. Moreover, the explosion of AI and Machine Learning has pushed the pace of software development to a new level, leading to the hyperproliferation of flaws. The sector has done well to better its performance, but there is more to be done and financial organizations would benefit from increased automation and secure coding techniques to help them prevent, detect, and respond to vulnerabilities faster than ever.”
API Scanning and Training Lowers Likelihood and Introduction of Flaws
Veracode’s research found Financial Services organizations see stronger effects from the positive elements of scanning via API and security training, compared with the cross-industry average. Scanning via API is a measure of maturity in a software security program, and enterprises that integrate API usage likely have greater automation and control over the development pipeline. In fact, those that leverage scanning via API perform 11 percent better than the baseline probability of non-Financials when it comes to flaw introduction per month. Adding interactive security training into the mix reduces this further, with the two factors combined lowering the chance of flaw introduction by 19 percent per month.
The impact of scanning via API and security training on the number of flaws when they are introduced is even more pronounced. When Financial Services teams completed 10 interactive security training modules, they introduced 26 percent fewer flaws, putting the sector’s performance well above the all-industry average. Similarly launching scans via API had a stronger influence on the number of flaws introduced in Financial Services applications than in other industries.
Eng said, “The data indicates that Financial Services organizations benefit significantly from automation through API usage. Reaching automation is aspirational for many organizations but we see that launching scans via API correlates with a lower probability that flaws will be introduced, and then a reduction in the amount of flaws that do find their way into software. Unsurprisingly, training also has a direct correlation with reduced flaw introduction.”
The Power of AI and Machine Learning
The State of Software Security report also analyzed language preference by vertical and found, at 51 percent, Java is almost a de facto standard within the Financial Services sector. Veracode Fix, an AI-powered remediation tool launched earlier this year, leverages machine learning to generate fixes for 74 percent of Java static findings. Such a dramatic reduction in time and effort empowers organizations to improve security posture and lower risk even further, freeing up capacity for innovation and creation. Moreover, since Java applications are overwhelmingly (>95 percent) comprised of third-party code, Veracode’s data shows the industry benefits of Software Composition Analysis to bolster the safety and integrity of open-source code inclusion.
The Veracode State of Software Security: Financial Services report with full details and recommendations is available to download on the Veracode website.
The full global Veracode State of Software Security 2023 report is available to download here.
About the State of Software Security Report
The 13th edition of Veracode’s annual report on the State of Software Security examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and small companies, commercial software suppliers, software outsourcers, and open-source projects. The report analyzes data collected from more than 27 million scans across 750,000 applications, and contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform. This new report highlights Financial Services-specific findings against Manufacturing, Retail & Hospitality, Technology, Healthcare, and the Public Sector.
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Using powerful AI trained on a carefully curated, trusted dataset from experience analyzing trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means.
Copyright © 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Global donors pledge over US$777 million to defeat neglected tropical diseases and improve the lives of 1.6 billion people at the Reaching the Last Mile Forum at COP283.12.2023 15:40:00 CET | Press release
Global donors at the 2023 Reaching the Last Mile Forum today pledged a collective US$777.2 million to help control, eliminate, and eradicate neglected tropical diseases (NTDs), in a landmark push to accelerate progress towards achieving the goals outlined in the World Health Organization’s 2030 roadmap on NTDs. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231203773888/en/ Uniting efforts with NTD-endemic countries, donors answered the urgent call to step up the fight against NTDs in the face of climate change, and to work together to improve the lives of the 1.6 billion people worldwide affected by these devastating yet preventable diseases. The pledging event was hosted by Reaching the Last Mile (RLM), the global health initiative driven by the philanthropy of His Highness Sheikh Mohamed Bin Zayed Al Nahyan, President of the UAE, in partnership with the Bill & Melinda Gates Foundation. The forum took place on the first ev
Sharjah Celebrates the UAE’s 52nd Union Day3.12.2023 09:22:00 CET | Press release
Sharjah concluded the 52nd Union Day celebrations, which lasted for 12 days, with wide participation from all segments of society including government entities, private sector institutions, Emiratis, international residents, and visitors to the emirate. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231203827502/en/ From the Union Day celebration in Sharjah (Photo 1: AETOSWire) Over 200 activities organized by the Sharjah National Day Celebrations Committee took place in the cities of Sharjah, Mleiha, Dibba Al Hosn, Khorfakkan, Kalba, Al Bataeh, Al Mudam, Al Dhaid, and Al Hamriyah. Celebrations also took place in cultural and tourist areas as Al Dhaid Fort, the heritage villages in Al Hamriyah, Mleiha, Kalba. Other locations included Wadi Al Hilo, the National Park in Sharjah, Al Hosn Island Canal, Khorfakkan Amphitheatre, Kalba Lake, and Al Bataeh Public Park. His Excellency Khalid Jasim Al Midfa, Chairman of the Sharjah Na
IFRC-DREF calls on global donors to help the world ‘Stand Tall’ in the face of accelerating humanitarian need - supporting smarter and faster disaster relief3.12.2023 01:01:00 CET | Press release
The International Federation of Red Cross and Red Crescent Societies (IFRC) has launched a new campaign to address rapidly escalating climate driven humanitarian crises. It calls on global governments and international donors to support local emergency responders and disaster hit communities - helping them to Stand Tall with smarter and faster humanitarian funding. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231202510555/en/ Stand Tall in the face of disaster with IFRC-DREF Insurance. (Photo: Business Wire) The IFRC’s Disaster Response Emergency Fund (IFRC-DREF) is the quickest, most efficient and most transparent way of getting funding directly to local National Societies — both before and immediately after a crisis hits. Yet it faces growing pressure to anticipate and respond to multiple, simultaneous and complex crises around the world as a result of climate change. Today, 3.6 billion people live in areas highly suscep
11 Winners Recognised at Zayed Sustainability Prize Awards Ceremony held during COP28 UAE2.12.2023 03:15:00 CET | Press release
His Highness Sheikh Mohamed bin Zayed Al Nahyan, President of the UAE, today awarded the winners of the Zayed Sustainability Prize, the UAE’s pioneering global award in sustainability and humanitarianism, during a ceremony held at COP28 UAE in Expo City Dubai. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231201649250/en/ 11 winners of the Zayed Sustainability Prize Recognised at COP28 (Photo: AETOSWire) The Ceremony was attended by numerous heads of delegations participating in COP28, ministers, senior government officials, and Prize winners and finalists. His Highness congratulated the winners, praising their efforts in promoting sustainability and encouraging them to continue their important contributions in this field. His Highness emphasised that the UAE is steadfast in building upon its established legacy in sustainability, a foundation laid by the country’s Founding Father, the late Sheikh Zayed bin Sultan Al Nahyan.
Zextras Introduces Carbonio - A Private Digital Workplace1.12.2023 16:07:00 CET | Press release
Zextras, the leading email and collaboration solutions provider, introduced Carbonio - a private digital workplace for the public sector and regulated industries. Carbonio emerges as an exceptional solution for the public sector, enabling them to implement an extensive digital workspace for their internal teams and stakeholders. Delivering a suite of features that are not only comprehensive but also fully customizable, from emails and calendars to video meetings and file storage, Carbonio allows for superior adaptation to any unique technical requirements or business objectives. It is equally enticing for regulated industries to enhance their operations by providing secure software solutions tailored to meet the distinct security needs of their country and respective states. The platform is rooted in robust compliance with global data protection regulations, including the European General Data Protection Regulation (GDPR). This fosters a secure digital environment for users, ensuring t