Business Wire

MA-VERACODE

Share
Veracode Research Reveals Government Applications at Heightened Risk of Cyber Attack: 59% Have Flaws Left Unfixed for More than a Year

Veracode, a global leader in application risk management, today released research revealing applications developed by public sector organizations have more security debt than those created by the private sector. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59 percent of applications in the public sector, compared to the overall rate of 42 percent. The research analyzed public sector organizations in more than 25 countries across the globe.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240529282258/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Figure 2: Security Debt in Public Sector Applications (Graphic: Business Wire)

“Decades of accumulated security debt in unpatched software and poor security configurations, are in the applications that serve our government,” said Chris Eng, Chief Research Officer at Veracode. “Without a systematic and continuous approach to finding and fixing security flaws, the public sector is left dangerously exposed to attacks from hackers.”

Federal government systems are increasingly under cyberattack, as malicious criminals target public sector organizations with more damaging and disruptive techniques. In response, the federal government is enforcing a flurry of initiatives to strengthen cybersecurity, including efforts to reduce risk in the applications that serve the government. In March of 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) released the Secure Software Development Attestation Form to hold providers to the federal government accountable for insecure software.

Veracode researchers found that while slightly fewer public sector organizations (68 percent) have security debt than other industries (71 percent), they tend to accumulate more of it. Only three percent of applications are flaw-free, compared to six percent across other industries. Even more concerning, 40 percent of public sector entities have persistent, high-severity flaws that constitute ‘critical’ security debt, which would put the confidentiality, integrity, and availability of businesses at serious risk if exploited.

“The good news is that most organizations have the capacity to remediate all critical debt, but risk prioritization is key,” said Eng. “Two-thirds of all flaws in public sector organizations are either less than one year old or are not critical in severity. In addition, less than one percent of all flaws constitute critical security debt. By prioritizing that security debt with focused effort, organizations can achieve maximum risk reduction and then move to address non-critical flaws based on their risk tolerance and capabilities.”

According to the report, security debt in the public sector primarily affects first-party code (93 percent), but most of the critical security debt comes from third-party dependencies (55.5 percent). This reinforces the importance of the Open Source Security Software Initiative (OS3I), an inter-agency working group focused on ensuring open-source software is “as safe, secure and sustainable as it is open.” It also emphasizes the need for organizations to focus on both first- and third-party code to effectively reduce security debt.

The analysis further shows security debt in the public sector is primarily concentrated in older, larger applications (22 percent). This is especially true for critical security debt (30 percent), confirming a correlation between application age and the accumulation of security debt. Researchers also compared the security debt profile for different development languages and found that Java and .NET applications stand out as significant sources of debt in the public sector.

“The current state of software security in the public sector reinforces the importance of making secure by design a standard approach for the whole network connected world,” closed Eng. “We applaud CISA’s recent announcement of its Secure by Design Pledge and are proud to be one of the inaugural signatories. Our goal with this research is to further support our government and industry partners in promoting widespread adoption of these principles.”

The full State of Software Security Public Sector 2024 report is available to download on the Veracode website.

About the State of Software Security Report

The Veracode State of Software Security 2024 report analyzed data from large and small companies, commercial software suppliers, software outsourcers, and open-source projects. The research draws from more than a million (1,007,133) applications across all scan types, 1,553,022 dynamic analysis scans, and 11,429,365 static analysis scans. All those scans produced 96 million raw static findings, 4 million raw dynamic findings, and 12.2 million raw software composition analysis findings.

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240529282258/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

SLB Capturi Completes Construction of the World’s First Industrial-Scale Carbon Capture Plant at a Cement Facility2.12.2024 22:35:00 CET | Press release

Facility will reduce emissions by up to 400,000 metric tons of CO2 annually for Heidelberg Materials ― one of the world’s largest building materials companies SLB Capturi has reached a significant milestone of mechanical completion of the carbon capture plant at Heidelberg Materials’ cement facility in Brevik, Norway. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241202648162/en/ The carbon capture plant is designed to capture up to 400,000 metric tons of CO2 annually from the Heidelberg Materials cement facility in Brevik, Norway. (Photo: Business Wire) With the full-scale carbon capture plant now complete, including the carbon capture system, compression system, heat integration system, intermediate storage, and loadout facilities, the plant is now ready for testing and commissioning. When operational, this world-first commercial-scale carbon capture plant at a cement facility will enable production of net zero cement, wi

Winter Wonderland in the Heart of NYC: The Empire State Building Celebrates the Holiday Season with Extravagant Holiday Décor, Festive Movie Screenings, Special Lightings, and More2.12.2024 22:30:00 CET | Press release

The Empire State Building (ESB) today announced details for its fan-favorite holiday festivities with over-the-top decorations, festive pop-ups, classic movie screenings, and special tower lightings. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241202020008/en/ Winter Wonderland in the Heart of NYC: The Empire State Building Celebrates the Holiday Season with Extravagant Holiday Décor, Festive Movie Screenings, Special Lightings, and More (Photo: Business Wire) “There is no place quite like New York to spend the holidays, and the Empire State Building tops the list of things to do in NYC,” said Jean-Yves Ghazi, president of the Empire State Building Observatory. “From photos with Santa to classic film screenings, guests will make holiday memories to last a lifetime with the best views in New York City.” Topped with Tinsel Every corner of the Empire State Building Observatory will be adorned in festive holiday decorations w

IonQ Unveils New Enterprise-Grade Quantum OS and Hybrid Services Suite2.12.2024 22:05:00 CET | Press release

Full stack development approach drives enterprise-grade capabilities, enabling improved quantum functionality for commercial applicationsIonQ Quantum OS drives an average reduction of over 50 percent in on-system classical overhead, improving time to solution for quantum workloads IonQ (NYSE: IONQ), a leader in the quantum computing and networking industry, today announced the launch of its quantum operating system, now called IonQ Quantum OS, and a collection of new capabilities named IonQ Hybrid Services suite. These technologies will greatly advance performance and utility of quantum computing for enterprise customers. IonQ Quantum OS is a nearly ground-up rewrite of IonQ’s original quantum operating system. Designed and built with a flexible and modular architecture, it is designed to scale and adapt with IonQ’s hybrid quantum computing ecosystem and power IonQ’s current and future flagship quantum computers, including IonQ Forte and IonQ Forte Enterprise. Designed for improved per

BitGo Launches Comprehensive Retail Platform2.12.2024 16:00:00 CET | Press release

New Dedicated Retail Platform Enables Retail Investors to Buy, Sell, Trade, Custody, and Stake Crypto AssetsU.S. Retail Investors Can Sign Up for BitGo’s Retail Platform to be Entered to Win a Full Bitcoin BitGo, the leading infrastructure provider of digital asset solutions trusted by institutions since 2013, today announced the official launch of its dedicated retail platform, providing retail customers access to BitGo’s comprehensive suite of regulated and secure digital asset trading, staking, wallets, and qualified custody services. The platform is now live for all global investors and available for sign-up at bitgo.com/welcome. Eligible U.S.-based investors who sign up for BitGo’s retail platform will have the opportunity to win a full bitcoin. Key advantages of BitGo’s retail platform include:Security and Trust: As one of the most trusted companies in the global digital asset space since 2013, BitGo has safeguarded billions in crypto assets for institutions, providing the highes

Lone Star Completes Acquisition of Carrier’s Commercial and Residential Fire Business Forming Kidde Global Solutions2.12.2024 16:00:00 CET | Press release

Lone Star Funds (“Lone Star”) today announced that an affiliate has successfully completed the acquisition of Carrier Global Corporation’s Commercial and Residential Fire business in a transaction valued at $3 billion. As a result of the transaction, the business will operate as an independent company under the new name Kidde Global Solutions. Kidde Global Solutions unifies some of the most trusted and iconic brands in fire and life safety, including Kidde, Kidde Commercial, Edwards, GST, Badger, Gloria, and Aritech. "Kidde Global Solutions is an industry-leading portfolio of strong brands and innovative teams with a long history of serving global customers and exciting growth opportunities," said Donald Quintin, Chief Executive Officer of Lone Star. “We look forward to working with Kidde Global Solutions’ talented management team to further build this outstanding business." The initial definitive agreement of the sale was announced in August 2024 and the final close took place on Dece

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye