IT Security
Veracode Reveals Automation And Training Are Key Drivers Of Software Security For Financial Services
By Business Wire
Share
72% of Financial Services Applications Contain Security Flaws; API-launched Scanning and Interactive Security Training Drop Probability of Flaw Introduction to 22%
Sector Tops Major Industries in State of Software Security 2023 Report
BURLINGTON, Mass.--(BUSINESS WIRE)--#AI--Veracode, a leading global provider of intelligent software security, today released new research that unveils the key factors influencing flaw introduction and accumulation in the Financial Services sector. The security performance of financial applications generally outperforms other industries, with automation, targeted security training, and scanning via Application Programming Interface (API) contributing to a year-over-year reduction in the percentage of applications containing flaws.
Against a backdrop of major regulations impacting the financial services sector, including the U.S. Securities and Exchange Commission cybersecurity disclosure rules and the E.U. Digital Operational Resilience Act (DORA), Veracode’s study provides recommendations to reduce risk from software vulnerabilities. While nearly 72 percent of applications in the Financial Services sector contain security flaws, this is the lowest of all industries analyzed and an improvement since last year.
“Financial services made a strong showing across the board in this year’s analysis,” said Chris Eng, Chief Research Officer at Veracode. “Increasing competition and customer expectations, combined with tighter regulations across the industry, have put greater pressure on developers and security teams to find and fix flaws at scale. Moreover, the explosion of AI and Machine Learning has pushed the pace of software development to a new level, leading to the hyperproliferation of flaws. The sector has done well to better its performance, but there is more to be done and financial organizations would benefit from increased automation and secure coding techniques to help them prevent, detect, and respond to vulnerabilities faster than ever.”
API Scanning and Training Lowers Likelihood and Introduction of Flaws
Veracode’s research found Financial Services organizations see stronger effects from the positive elements of scanning via API and security training, compared with the cross-industry average. Scanning via API is a measure of maturity in a software security program, and enterprises that integrate API usage likely have greater automation and control over the development pipeline. In fact, those that leverage scanning via API perform 11 percent better than the baseline probability of non-Financials when it comes to flaw introduction per month. Adding interactive security training into the mix reduces this further, with the two factors combined lowering the chance of flaw introduction by 19 percent per month.
The impact of scanning via API and security training on the number of flaws when they are introduced is even more pronounced. When Financial Services teams completed 10 interactive security training modules, they introduced 26 percent fewer flaws, putting the sector’s performance well above the all-industry average. Similarly launching scans via API had a stronger influence on the number of flaws introduced in Financial Services applications than in other industries.
Eng said, “The data indicates that Financial Services organizations benefit significantly from automation through API usage. Reaching automation is aspirational for many organizations but we see that launching scans via API correlates with a lower probability that flaws will be introduced, and then a reduction in the amount of flaws that do find their way into software. Unsurprisingly, training also has a direct correlation with reduced flaw introduction.”
The Power of AI and Machine Learning
The State of Software Security report also analyzed language preference by vertical and found, at 51 percent, Java is almost a de facto standard within the Financial Services sector. Veracode Fix, an AI-powered remediation tool launched earlier this year, leverages machine learning to generate fixes for 74 percent of Java static findings. Such a dramatic reduction in time and effort empowers organizations to improve security posture and lower risk even further, freeing up capacity for innovation and creation. Moreover, since Java applications are overwhelmingly (>95 percent) comprised of third-party code, Veracode’s data shows the industry benefits of Software Composition Analysis to bolster the safety and integrity of open-source code inclusion.
The Veracode State of Software Security: Financial Services report with full details and recommendations is available to download on the Veracode website.
The full global Veracode State of Software Security 2023 report is available to download here.
About the State of Software Security Report
The 13th edition of Veracode’s annual report on the State of Software Security examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and small companies, commercial software suppliers, software outsourcers, and open-source projects. The report analyzes data collected from more than 27 million scans across 750,000 applications, and contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform. This new report highlights Financial Services-specific findings against Manufacturing, Retail & Hospitality, Technology, Healthcare, and the Public Sector.
About Veracode
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Using powerful AI trained on a carefully curated, trusted dataset from experience analyzing trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.
Copyright © 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
ContactsKaty Gwilliam
kgwilliam@veracode.com
First published on Wed, Oct 25, 2023
Enjoyed what you've read so far? Great news - there's more to explore!
Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.
Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.
Dive into TechDogs' treasure trove today and Know Your World of technology!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.
Tags:
Related News on IT Security
Devo Security Data Platform Attains FedRAMP® Authorization
Tue, Jan 9, 2024
By PR Newswire
Darktrace Appoints Chris Kozup As Chief Marketing Officer
Thu, May 25, 2023
By PR Newswire
Ermetic CNAPP Now Available On Google Cloud Marketplace
Wed, Aug 23, 2023
By Business Wire
UK NHS Trusts Challenged by Attack Surface Complexities
Mon, Jun 19, 2023
By Business Wire
Nisos Announces Comprehensive Managed Intelligence Suite
Tue, Apr 4, 2023
By Business Wire
Perimeter 81 Announces Integration With ConnectWise PSA
Wed, Feb 15, 2023
By Business Wire
Trending Business Wire
Netapp Announces Integrated Solution With AWS Outposts For Hybrid Cloud Deployments
By Business Wire
Orange Business Launches "Live Intelligence": A Range Of Plug-And-Play Genai Solutions For Businesses
By Business Wire
Spectro Cloud Launches Edge In A Box Solution With Hewlett Packard Enterprise To Streamline Enterprise Kubernetes Adoption
By Business Wire
Veridas Launches Identity Fraud Solutions On Google Cloud Marketplace
By Business Wire
Viz.Ai Collaborates With Microsoft To Advance AI-Powered Clinical Workflows And Better Patient Care
By Business Wire
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion