Business Wire

Healthcare Sector Leads the Way for Fix Rate of Software Security Flaws

Veracode, a leading global provider of application security testing solutions, today revealed that the healthcare sector takes first place for the proportion of software security flaws that are fixed, at 27 percent. The sector overtook financial services as the top-performing industry, demonstrating healthcare providers have made good headway toward the goal of making their software more secure over the past year.

The data was published in the company’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the healthcare, financial, technology, manufacturing, retail, and government sectors.

Chris Eng, Chief Research Officer at Veracode, said, “Healthcare is one of the more highly regulated sectors and is considered critical infrastructure by the government, so it’s encouraging to see the sector performs comparatively well in terms of overall flaw remediation. We hope healthcare developers and IT staff see this as a welcome ray of sunshine amidst the all-too-often gloomy realm of software security. There is still work to do, so here’s to more improvements in the years to come.”

Despite taking the top spot for fix rate, 77 percent of applications in the healthcare industry contain vulnerabilities, with 21 percent of applications containing high severity vulnerabilities. The sector also has ample room for improvement in terms of the time spent to fix flaws once they’re detected, taking up to a whopping 447 days to reach the halfway point of remediation.

Healthcare Breach Costs Are the Most Expensive

With healthcare companies incurring the highest average breach costs, at a new record high of $10.1 million*, taking proactive steps to minimize the risk of a cyberattack is imperative. Since data breaches in highly regulated industries tend to be associated with larger long-term costs that accrue over the ensuing years, the industry would benefit from even greater comprehensive efforts to address security earlier in the software development lifecycle.

Of the six industries analyzed, healthcare providers rank toward the bottom for the proportion of applications with any flaws, and second to last for the percentage of high-severity flaws—defined as those that present a serious risk to the application and organization if they were to be exploited. When it comes to the types of flaws discovered from dynamic analysis of applications in the sector, compared to other industries healthcare providers perform well for authentication issues and insecure dependencies, but have a higher incidence of cryptographic and deployment configuration issues.

Eng said, “We know that no application will ever be 100 percent free of security flaws, so it’s important that businesses take all necessary steps to minimize risk as much as possible. This includes scanning at a regular, rapid pace using multiple testing types, integrating testing tools into developer environments, and providing hands-on training to help developers understand the origin of flaws and how to fix or prevent them entirely. The healthcare sector should also take extra care to prioritize critical flaws—those vulnerabilities that could have a catastrophic impact if left unaddressed for too long.”

Andrew McCall, Vice President of Engineering, Azalea Health Innovations, said, “The biggest obstacle to building security into our workflows is that developers will treat security as just a checkbox. But security is an ongoing process and has to be top of mind throughout the software development life cycle. We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”

Third-party Library Security

Given a sharp increase in regulations to secure the software supply chain over the past year, the report analyzed third-party libraries to identify how vulnerabilities discovered through software composition analysis (SCA) behave. Overall, around 30 percent of vulnerable libraries remain unresolved after two years; however, that figure falls to 25 percent for the healthcare sector. In fact, while the overall ratio of vulnerable libraries found by SCA trends down steadily over time, healthcare experienced a brief upward spike before driving rates down dramatically over the last year or so.

The Veracode State of Software Security v12 healthcare snapshot is available to download here and the full report is available here.

* IBM Security and The Ponemon Institute, “Cost of a Data Breach Report 2022”: https://www.ibm.com/downloads/cas/3R8N1DZJ, July 2022

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.

The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Contact information

Katy Gwilliam
kgwilliam@veracode.com
