The State of Software Security (SOSS) report, published by application security firm Veracode, found that financial services is one of the slowest sectors to effectively repair common software vulnerabilities.
The global report found that financial services companies took 29 days to address a quarter of the vulnerabilities in their code, and over a year (573 days) to remediate all open vulnerabilities.
This slow response to vulnerabilities leaves banks’ customers exposed to more cyber-attacks. Moreover, a notable 67% of applications currently used by banks are at risk from information leakage attacks, which would violate EU GDPR rules.
Software vulnerabilities
According to research from NCC Group in 2017, software vulnerabilities in the financial sector had increased by over 400% since 2013. The company found that the number of software vulnerabilities had risen over those four years, from an average of 217 per organisation in 2013 to 910 in 2016.
The financial sector has a reputation for having some of the most mature cybersecurity practices.
Despite this, the financial industry remains slow to repair open code vulnerabilities.
“The industry is ranked second to last in major verticals for ‘latest scan OWASP pass rate’, and based on the flaw persistence analysis chart, it is leaving code vulnerabilities to linger longer than other industries,” the Veracode report reads.