The public sector has the highest proportion of security flaws in its applications along with some of the lowest and slowest fix rates compared to other industry sectors.
A new report from application security testing company Veracode finds 82 percent of public sector applications have security flaws and that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years.
“Public sector policy makers and leaders recognize that dated technology and vast troves of sensitive data make government applications a prime target for malicious actors,” says Chris Eng, chief research officer at Veracode. “That’s why the White House and Congress are working together to update regulations governing cybersecurity compliance. In the wake of May 2021’s Executive Order to improve the nation’s cybersecurity and protect federal government networks, the US Office of Management and Budget, Department of Defense and the White House have issued four memos addressing the need to adopt zero trust cybersecurity principles and strengthen the security of the software supply chain. Our research confirms this need.”
On a more positive note government entities have made great strides to address high severity flaws, which appear in only 16 percent of applications. In fact, the number of high severity flaws has decreased by 30 percent in the last year alone indicating that the issue is being taken more seriously.
Eng adds, “Recognizing that time is of the essence, public sector leaders are beginning to set timelines. For example, in ‘Moving the US Government Toward Zero Trust Cybersecurity Principles’, Shalanda Young has set a deadline of September 30, 2024 for all US federal agencies to meet specific cybersecurity standards. We think that the progress made against high security flaws is a great starting point and support all public sector agencies who seek to gain better control over their software supply chains.”
You can get the full report from the Veracode site.
Photo credit: Andrea Izzotti / Shutterstock