Software vulnerabilities reaching 'unacceptable' levels

Developers are failing to meet industry security standards when creating new software, according to testing firm Veracode.

Data collected on 2,900 applications by the company's security verification service suggests that more than half of tested applications contain " unacceptable" levels of vulnerabilities.

Financial sector applications had the lowest vulnerability levels, and mission-critical applications in general were found to be less vulnerable.

Web-based applications were found to be particularly vulnerable, however. More than 80 per cent of submitted web applications contained errors listed in the Open Web Application Security Project's Top 10 risk list.

Sam King, vice president of product marketing at Veracode, told V3.co.uk that the high number of vulnerabilities in web applications could be down to the skill of the developer and heightened interest in testing web applications.

King shot down the notion that data stored on premise is more secure than cloud computing services, or that installed applications are inherently more secure.

Instead, she suggests that companies are adopting stricter testing practices that should have been in use all along.

"The deployment method of your software should not affect the security testing," King said. "The data that is on premise is just as much a target because of vulnerabilities that exist in your everyday software."

Further reading

• Security

Cyber attacks growing in number and sophistication

• 17 Sep 2010

• Security

Twitter 'mouse over' hack causing chaos

• 21 Sep 2010

• Software

Adobe releases fix for Flash Player

• 20 Sep 2010

• Security

Microsoft offers workaround for ASP.NET flaw

• 20 Sep 2010

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Developer
• Software
• Security
• Desktops
• Cloud Computing
• SaaS