Skip to main content

Here's another huge reason why you should keep updating all your business apps

Lock
(Image credit: Shutterstock)

Businesses have been given another wake-up call when it comes to the need to keep their apps properly updated.

New research from security firm Veracode found that fixing a typical application security flaw takes around six months, meaning organisations could find themselves open to attack for longer than expected.

In many cases, the company found that there is little security teams can do to mitigate such issues, leaving businesses vulnerable unless they up their protection significantly.

Updated

Overall, Veracode analysed 130,000 applications and found more than three quarters (76%) had at least one security flaw. However, only 24% were found to have high-severity flaws, meaning they posed a major risk to operations.

Open-source flaws were found to be the fastest-rising concern for businesses, showing that there is work to be done across the technology industry to cut down on such vulnerabilities. 70% of applications were found to inherit at least one security flaw from their open source libraries, with Veracode's report also finding that 30% of applications have more flaws in their open source libraries than in the code written in-house.

“The goal of software security isn’t to write applications perfectly the first time, but to find and fix the flaws in a comprehensive and timely manner,” said Chris Eng, Chief Research Officer at Veracode. “Even when faced with the most challenging environments, developers can take specific actions to improve the overall security of the application with the right training and tools.”

The report advised businesses concerned about their security practices to ensure they up their scanning processes, as frequently scanning applications and faster remediation times can make all the difference to keeping an organisation safe. On the human side, Veracode advised companies to ensure their security teams are equipped with the necessary tools and resources needed, so that the "security debt" found in many organisations does not end up spelling disaster.