Research shows that many government and educational institutions use applications with known vulnerabilities. Nevertheless, the institutions are doing enough to protect against those vulnerabilities.
This is the conclusion drawn by application testing company Veracode from its own research. According to the company, 80 percent of the government applications analysed contain at least one vulnerability. This is the highest percentage in the entire study.
Of those vulnerabilities, 23 percent are described as ‘very serious’. Veracode considers this 23 percent to be relatively low. With this number, the government, together with financial services and care institutions, outperforms other sectors.
SQL injection
Most vulnerabilities consist of SQL injections. They are 33 percent more common in government and education than in other sectors. Cross-site scripting and poor input validation are also common.
“Most vulnerabilities in government and education applications are fortunately not catastrophic,” says Chris Eng, Chief Research Officer at Veracode. “By working more with DevSecOps tactics, such as regular and frequent application scans and the use of different testing methods, developers within these organizations can make great strides towards making their code more secure.”
The full research can be found on the Veracode website.