back Back

Financial services software outperforms other industries, study finds

By Gaia Lamperti

August 24, 2022

  • Banks
  • Cybersecurity
  • Financial Services
Share

Software for the financial services industry ranks among the best for overall flaw percentage when compared to other industries but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18% of applications containing a serious vulnerability, suggesting financial firms should prioritise identifying and remediating the flaws that matter most.

These findings were outlined in the annual State of Software Security report v12 published by  Veracode, a global provider of application security testing solutions which analysed 20 million scans across half a million applications in the financial, technology, manufacturing, retail, healthcare and government sectors.

Across the six industries, the financial sector has the second-lowest proportion of applications containing security flaws, at 73%. In last year’s report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year’s study. Despite having fewer flaws overall, the financial services sector comes at joint last with technology and government for the lowest proportion of flaws that are fixed.

Chris Eng, Chief Research Officer at Veracode, commented: “One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fixing rates. Our research showed that security training can significantly improve remediation speeds and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35% faster than those without such training.”

The report comes at a time when it has become imperative for the financial services sector to reduce operational costs by improving operational efficiencies and effectiveness. Financial services businesses can improve by elevating their quality of service, reducing cycle times, improving productivity, reducing waste and eliminating rework.

Room for continued improvement

While there is undoubtedly still room for progress in terms of both flaw prevalence and remediation rates, when financial services organisations do fix vulnerabilities, they move at a quicker pace than most.

“The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry’s relative speed in addressing vulnerable libraries discovered through software composition analysis (SCA),” commented Eng.

Flaws in third-party libraries found through SCA tend to stick around longer for all industries, with 30% still unresolved after two years. When it comes to addressing open-source vulnerabilities, however, the finance sector remediates at the same pace as other industries for the first year but then quickens its pace to gain a month on the cross-industry average.

Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50% of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. With third-party components comprising as much as 90% of an application’s codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.

Previous Article

August 24, 2022

Lirium to power digital asset access for Mexican FinTech

Read More
Next Article

August 24, 2022

Spice Money strengthens leadership team with two new appointments

Read More






IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related News

February 05, 2025

CommBank & AWS team to deliver global cloud and AI capabilities

Read More

February 05, 2025

United Fintech acquires Commercial Banking Applications

Read More

February 05, 2025

Access Bank Nigeria adopts Integral tech to boost FX capabilities

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q4 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q4 2024
Know More