Government ranks last in fixing software security holes
Three-quarters of all government Web and mobile applications fail their initial security reviews, making it the worst-performing vertical — and government agencies are also the slowest at fixing vulnerabilities, according to a new report released today by Veracode.
The report covers more than 200,000 applications that the company analyzed over the past 18 months. According to Chris Wysopal, CTO and CISO at Veracode, the applications could be newly written software or legacy applications being sent to Veracode for the first time.
The applications are scanned for the most common security flaws, such as SQL injection, cross-site scripting, weak cryptography, use of components with known vulnerabilities, missing access controls and broken authorization.