A study on the state of software security for web and mobile applications across seven industries finds healthcare performing poorly, but none of the others shine particularly well.
Technology vendor Veracode, which offers cloud-based security services for web and mobile applications, regularly analyzes the data of its clients to assess how effectively they reduce application security risks. The vendor notes that web application attacks account for more than one-third of breaches in some industries and enterprises often spend far more on securing network perimeters than web applications.
Veracode analyzed billions of lines of code from more than 200,000 application analyses that clients performed on its platform during a recent 18-month period.
In two critical areas healthcare lags behind other industries, according to the vendor. “Given the large amount of sensitive data collected by healthcare organizations, it’s concerning that 80 percent of healthcare applications exhibit cryptographic issues such as week algorithms upon initial assessment. In addition, healthcare fares near the bottom when it comes to addressing remediation, with only 43 percent of known vulnerabilities being remediated.” Only government agencies had a lower remediation rate at 27 percent.
In general, across industries, commercial software had a 9 percent lower compliance rate with standards from the Open Web Application Security Project, known as OWASP, compared with internally developed software.
Healthcare application security was compliant on a first-risk assessment 31 percent of the time, in the ballpark with other industries excepting financial, which had a 42 percent rate.
Where healthcare shined the most may have been in flaw density. “Average application flaw density is a measure of the average risk per unit of software,” according to Veracode’s study. “It is defined as the number of flaws for an application divided by the size of the application’s executable code in megabytes, and has the unit of flaws per megabyte.” In this comparison healthcare’s flaw density was 15, almost half of the second lowest score.
Manufacturing, by far, had the highest flaw density but also the highest rate of fixing them at 81 percent as the industry “has adopted process improvement methodologies as part of the culture of the business,” according to Veracode, compared with healthcare’s 43 percent fix rate.
The report, “State of Software Security, Volume 6: Focus on Industry Verticals,” is available here. Brief registration is required.
This story was first posted to Health Data Management's web site.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access