One Article Review

Home - The article:
Source Veracode
Identifier 2103295
Publication date 2020-12-08 15:02:20 (seen: 2020-12-15 21:05:42)
Title Government and Education Have the Highest Percentage of Apps With Security Flaws
Text It's been a stressful year, to say the least, for the government and education sector. Government organizations were challenged with pivoting their operations to a digital model, while schools were forced to decide between hybrid and remote learning programs for their students. The rise of digital operations has made application security (AppSec) more important than ever. But in our recent State of Software Security v11 (SOSS) report, we found that, compared to other industries, the government and education sector has the highest percentage of applications with security flaws, the second-slowest fix rate, and the second-longest median time to fix flaws.

[Figure: SOSS Gov and Edu]

How can the government and education sector improve its fix rate and half-life? For this year's SOSS report, we looked at how "nature" and "nurture" contribute to the time it takes to close out a security flaw. We found that the "nature" of applications (size, age, and flaw density) can have a negative effect on how long it takes to remediate a security flaw. But we also found that "nurturing" the security of applications (using DAST alongside SAST, scanning frequently, running SAST through APIs, keeping a steady scan cadence, and using SCA alongside SAST) can have a positive effect on how long it takes to remediate security flaws.

[Figure: Remediation]

When looking at the "nature" of government and education applications, it's a bit of a mixed bag. Compared to other industries, government and education have the youngest applications and the smallest organizations, both of which are positive attributes. On the other hand, government and education applications are fairly large and have the highest flaw density. In terms of "nurturing," the government and education sector scans more frequently and uses APIs more often than other industries. But the sector has the lowest ranking for use of DAST and for scan cadence, and a middle-of-the-road ranking for SCA.

[Figure: Nature vs Nurture]

To improve its median time to remediation and increase its fix rate, the government and education sector needs to start using DAST and SCA more consistently and improve its scan cadence (which should help eliminate security debt). Adopting only some DevSecOps best practices will not move the needle.

Which flaws should the government and education sector keep an eye on? In the government and education sector, 80 percent of applications have security flaws. Among those flaws, we found that Cross-Site Scripting (XSS) and input validation flaws are especially prevalent in the government and education sector when compared to other industries. On a positive note, we found the sector to have a lower-than-average prevalence of CRLF injection flaws. It's important to understand the flaw types affecting your organization and to set rules regarding which flaws should be remediated first. To learn more about the security trends in the government and education sector, download
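The metrics the report ranks the sector on (fix rate, median time to fix, half-life, and prevalence by flaw type) and its closing advice to set rules for which flaws get remediated first can be made concrete with a small computation over scan findings. The following Python is an added example written for this page; it is not Veracode's code and not the SOSS methodology. The findings, the application names, the 1-5 severity scale, the reporting date and the extra priority weight given to XSS and input validation flaws are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Finding:
    """One flaw reported by a scanner (constructed schema, not a Veracode format)."""
    app: str
    flaw_type: str           # e.g. "XSS", "Input Validation", "CRLF Injection"
    severity: int            # assumed scale: 1 (low) .. 5 (very high)
    opened: date             # first seen by a scan
    closed: Optional[date]   # None while the flaw is still open


# Constructed sample findings for two hypothetical applications.
AS_OF = date(2020, 12, 8)   # assumed reporting date
FINDINGS = [
    Finding("portal", "XSS",              4, date(2020, 9, 1),   date(2020, 10, 1)),
    Finding("portal", "Input Validation", 3, date(2020, 9, 15),  None),
    Finding("portal", "CRLF Injection",   3, date(2020, 10, 1),  date(2020, 11, 20)),
    Finding("grades", "XSS",              3, date(2020, 11, 1),  None),
    Finding("grades", "SQL Injection",    5, date(2020, 11, 20), None),
    Finding("grades", "Input Validation", 2, date(2020, 8, 1),   date(2020, 8, 11)),
]

# Assumed policy: the flaw types the report singles out for this sector get extra
# weight when deciding what to remediate first (an illustrative rule, not the report's).
PRIORITY_BONUS = {"XSS": 2, "Input Validation": 2}


def fix_rate(findings):
    """Fraction of all findings that have been closed."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if f.closed is not None) / len(findings)


def median_time_to_fix(findings):
    """Median days from open to close over closed findings (None if nothing closed)."""
    days = [(f.closed - f.opened).days for f in findings if f.closed is not None]
    return median(days) if days else None


def half_life(findings):
    """Smallest age in days by which at least half of all findings were closed.

    Still-open findings count toward the total, so when fewer than half have ever
    been closed the half-life is undefined (None) rather than computed only from
    the flaws that did get fixed.
    """
    if not findings:
        return None
    durations = sorted((f.closed - f.opened).days for f in findings if f.closed is not None)
    needed = -(-len(findings) // 2)  # ceil(n / 2)
    if len(durations) < needed:
        return None
    return durations[needed - 1]


def prevalence_by_type(findings):
    """Share of applications that have at least one finding of each flaw type."""
    apps = {f.app for f in findings}
    affected = {}
    for f in findings:
        affected.setdefault(f.flaw_type, set()).add(f.app)
    return {t: len(a) / len(apps) for t, a in affected.items()}


def remediation_order(findings, as_of=AS_OF):
    """Open findings ordered by severity plus type bonus; on ties the oldest comes first."""
    open_findings = [f for f in findings if f.closed is None]

    def score(f):
        return (f.severity + PRIORITY_BONUS.get(f.flaw_type, 0), (as_of - f.opened).days)

    return sorted(open_findings, key=score, reverse=True)


if __name__ == "__main__":
    print(f"fix rate: {fix_rate(FINDINGS):.0%}")
    print(f"median time to fix: {median_time_to_fix(FINDINGS)} days")
    print(f"half-life: {half_life(FINDINGS)} days")
    for flaw_type, share in sorted(prevalence_by_type(FINDINGS).items()):
        print(f"{flaw_type}: {share:.0%} of apps")
    for f in remediation_order(FINDINGS):
        print(f"fix next: {f.app} / {f.flaw_type} (severity {f.severity})")
```

On the constructed data the fix rate is 50%, the median time to fix is 30 days and the half-life is 50 days; the half-life is deliberately computed against all findings, so a portfolio in which fewer than half the flaws ever close reports no half-life at all instead of a flattering number derived from the few that did.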