Healthcare Sector Leads the Way for Fix Rate of Software Security Flaws
Veracode, a leading global provider of application security testing solutions, today revealed that the healthcare sector takes first place for the proportion of software security flaws that are fixed, at 27 percent. The sector overtook financial services as the top-performing industry, demonstrating healthcare providers have made good headway toward the goal of making their software more secure over the past year.
The data was published in the company’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the healthcare, financial, technology, manufacturing, retail, and government sectors.
Chris Eng, Chief Research Officer at Veracode, said, “Healthcare is one of the more highly regulated sectors and is considered critical infrastructure by the government, so it’s encouraging to see the sector performs comparatively well in terms of overall flaw remediation. We hope healthcare developers and IT staff see this as a welcome ray of sunshine amidst the all-too-often gloomy realm of software security. There is still work to do, so here’s to more improvements in the years to come.”
Despite taking the top spot for fix rate, 77 percent of applications in the healthcare industry contain vulnerabilities, with 21 percent of applications containing high severity vulnerabilities. The sector also has ample room for improvement in terms of the time spent to fix flaws once they’re detected, taking up to a whopping 447 days to reach the halfway point of remediation.
Healthcare Breach Costs Are the Most Expensive
With healthcare companies incurring the highest average breach costs, at a new record high of $10.1 million*, taking proactive steps to minimize the risk of a cyberattack is imperative. Since data breaches in highly regulated industries tend to be associated with larger long-term costs that accrue over the ensuing years, the industry would benefit from even greater comprehensive efforts to address security earlier in the software development lifecycle.
Of the six industries analyzed, healthcare providers rank toward the bottom for the proportion of applications with any flaws, and second to last for the percentage of high-severity flaws—defined as those that present a serious risk to the application and organization if they were to be exploited. When it comes to the types of flaws discovered from dynamic analysis of applications in the sector, compared to other industries healthcare providers perform well for authentication issues and insecure dependencies, but have a higher incidence of cryptographic and deployment configuration issues.
Eng said, “We know that no application will ever be 100 percent free of security flaws, so it’s important that businesses take all necessary steps to minimize risk as much as possible. This includes scanning at a regular, rapid pace using multiple testing types, integrating testing tools into developer environments, and providing hands-on training to help developers understand the origin of flaws and how to fix or prevent them entirely. The healthcare sector should also take extra care to prioritize critical flaws—those vulnerabilities that could have a catastrophic impact if left unaddressed for too long.”
Andrew McCall, Vice President of Engineering, Azalea Health Innovations, said, “The biggest obstacle to building security into our workflows is that developers will treat security as just a checkbox. But security is an ongoing process and has to be top of mind throughout the software development life cycle. We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”
Third-party Library Security
Considering a sharp increase in regulations to secure the software supply chain over the past year, the report analyzed third-party libraries to identify how vulnerabilities discovered through software composition analysis (SCA) behave. Overall, around 30 percent of vulnerable libraries remain unresolved after two years; however, that statistic reduces to 25 percent for the healthcare sector. In fact, while the overall ratio of vulnerable libraries found by SCA trends down steadily over time, healthcare experienced a brief upward spike before driving rates down dramatically over the last year or so.
* IBM Security and The Ponemon Institute, “Cost of a Data Breach Report 2022”: https://www.ibm.com/downloads/cas/3R8N1DZJ, July 2022
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Philip Morris International Announces New Regional Structure and Senior Management Changes to Accelerate Growth Toward a Smoke-Free Future25.11.2022 19:05:00 CET | Press release
Philip Morris International Inc. (PMI) (NYSE: PM) today announced a new regional structure and related senior management changes to enable continued growth as a multicategory leader internationally and advance its rapid transition toward a smoke-free future. “We are changing the company’s regional structure to further support the growth of our smoke-free business, reinforce consumer centricity, and increase the speed of innovation and deployment—all in alignment with our ambition of becoming a majority smoke-free business by net revenues by 2025,” said Jacek Olczak, PMI’s Chief Executive Officer. “The new structure will also create new opportunities to further grow our senior talent, deepening the bench of leaders who will spearhead PMI’s progress toward a smoke-free future for the years to come. I am confident of the exceptional caliber and determination of our people and wish them the best in their new roles.” By the end of January 2023, PMI will rearrange its operations in four regi
China’s Vanke Foundation presents fruitful green development achievements at COP2725.11.2022 15:44:00 CET | Press release
China’s Vanke Foundation invited dozens of Chinese charitable organizations, institutes and industry associations to present the fruitful achievements of China's green development at the recently concluded 2022 United Nations Climate Change Conference (COP27) in Sharm El-Sheikh. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221125005204/en/ Wang Shi(L4), Chairman of Vanke Foundation, and other Chinese delegates called for joint action on climate change at COP27 in Sharm El-Sheikh, Egypt on Nov. 11, 2022. (Photo: Business Wire) According to Wang Shi, Founder of Vanke Group, Chairman of Vanke Foundation, and Founder of C Team, only a few nongovernmental Chinese individuals, including himself, representing about 100 Chinese companies attended COP15 in Copenhagen back in 2009, while this year, together with numbers of partners from different sectors, approximately one million Chinese enterprises and institutions have been invol
Fruits Eco-Blockchain Project Completes its Security Audit of their Native Blockchain Conducted by Quantstamp25.11.2022 15:00:00 CET | Press release
Fruits Eco-Blockchain Project is pleased to announce their completion of a security audit of the Fruits Blockchain's contract system conducted by Quantstamp, a leader in web3 security. The focus of the audit was to verify that the smart contract system is secure, resilient and working according to its specifications. The audit activities can be grouped in the following three categories: This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221120005089/en/ Fruits Eco-Blockchain Project completes its security audit of their native blockchain conducted by Quantstamp (Graphic: Business Wire) Security: Identifying security related issues within each contract and within the system of contracts. Sound Architecture: Evaluation of the architecture of this system through the lens of established smart contract best practices and general software best practices. Code Correctness and Quality: A full review of the contract source code. The prim
Abu Dhabi Hosts Annual Investment Meeting May 202325.11.2022 14:49:00 CET | Press release
Abu Dhabi will host the 12th edition of the Annual Investment Meeting from 8 to 10 May 2023, which will take place under the theme of “The Investment Paradigm Shift: Future Investment Opportunities to Foster Sustainable Economic Growth, Diversity, and Prosperity”. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221125005180/en/ Abu Dhabi Hosts Annual Investment Meeting May 2023 (Photo: AETOSWire) At a press conference held today in Abu Dhabi, the announcement of the launch of AIM Global 2023 which is supported by the Ministry of Industry & Advanced Technologies, with the Abu Dhabi Department of Economic Development (ADDED) as a lead partner was made in the presence of H.E. Dr. Thani bin Ahmed Al Zeyoudi, Minister of State for Foreign Trade, Vice Chairman of the UAE Industry Development Council and H.E. Mohamed Ali Al Shorafa, Chairman of ADDED. AIM Global 2023 pillars will discuss the global capital market transformation, way
Alberto Bona’s Exploit on the Class40 IBSA : Eighth at the Route Du Rhum25.11.2022 13:13:00 CET | Press release
Thursday, November, 24, at 3:34:50 pm local time (8:34:50 Paris-Rome time) in Pointe-à-Pitre, Alberto Bona on the Class40 IBSA crossed the finish line of the twelfth edition of the Route du Rhum in eighth place. His race time is 15 days, 6 hours, 19 minutes and 50 seconds. The skipper of the Class40 IBSA sailed the 3,542 miles between Saint-Malo and Pointe-à-Pitre at a speed of 9.67 knots on the great-circle course, actually covering 4005.51 miles at an average speed of 10.93 knots. He arrived in Pointe-à-Pitre 1 day, 3 hours, 11 minutes and 10 seconds after the Class40 winner, Yoann Richomme. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221125005116/en/ Alberto Bona on the Class40 IBSA crosses the finish line of the twelfth edition of the Route du Rhum (©IBSA | Beppe Raso) “A very nice but extremely hard regatta, especially in the upwind week”, stated Alberto upon arrival. “I am extremely happy: IBSA and I made it togethe