A worrying amount of apps found to have high-severity security flaws


Recent research has found that a large number of commonly used apps contain security flaws, and that such flaws are especially common in applications used by companies in the technology sector.

According to the report, Veracode performed 20 million scans on about half a million apps in use across the technology, manufacturing, retail, financial services, healthcare, and government sectors. The results showed that 24% of the apps contained high-severity security flaws.

By comparison, only the public sector fares worse, at 82%; the technology sector's 79% is the second-highest proportion of apps with security flaws.

Fixing the flaws

According to the survey, information leakage, insecure dependencies, and insecure server configuration are among the most prevalent types of vulnerability. It also notes that these findings “broadly reflect” the pattern seen in other industries. Where the sector differs most from the industry average is in cryptographic problems and data leakage, leading the researchers to hypothesise that developers in the tech sector are more knowledgeable about data protection issues.

The technology sector sits somewhere in the middle when it comes to fixing the issues found. These companies find flaws relatively easily, but fixing them is another matter: it takes them nearly a whole year to resolve only half of the flaws, which is well above the average and leaves a lot of room for improvement.

According to Veracode's chief research officer, Chris Eng, it is not just about discovering the flaws; it is about reducing the number of flaws in the code to the lowest level possible. He believes businesses need to rely more on security attestations.

Last December, Log4j gave many corporations a wake-up call. Governments have since responded with the Office of Management and Budget's (OMB) recommendations and the European Cyber Resilience Act, both of which focus on the supply chain, according to Eng. In the coming year, technology companies should focus more on automating security testing in their Continuous Integration and Continuous Delivery (CI/CD) pipelines to increase efficiency and performance. This includes practices that help developers lower the rate at which flaws are introduced into code.
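One concrete form of the automated testing the report recommends is a severity gate: a pipeline step that reads the scanner's findings and fails the build while unresolved high-severity flaws remain. The script below is an added example, not code from the article or from Veracode. It assumes a simple, constructed JSON report shape and a constructed exception list (field names such as `findings`, `severity`, `status` and `expires` are this example's own, not any real tool's format); the flaw categories in the sample data mirror the ones the article names.

```python
"""Severity gate for a CI/CD pipeline (added example, not the article's code).

Reads a scanner findings report in a constructed JSON shape and fails the
stage when findings at or above a chosen severity are still open and are not
covered by an unexpired, documented exception.
"""
import json
import sys
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report; the field names are this example's assumptions.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "F-1", "severity": "high", "category": "insecure-dependency",
         "component": "example-xml-parser@1.2.0", "status": "open"},
        {"id": "F-2", "severity": "medium", "category": "information-leakage",
         "component": "api/errors.py", "status": "open"},
        {"id": "F-3", "severity": "critical", "category": "server-configuration",
         "component": "deploy/nginx.conf", "status": "open"},
        {"id": "F-4", "severity": "high", "category": "cryptographic-issue",
         "component": "auth/token.py", "status": "fixed"},
    ]
})

# Constructed exception list: every accepted risk has an owner, a reason and
# an expiry date, so a waiver cannot silently become permanent.
SAMPLE_EXCEPTIONS = [
    {"id": "F-3", "owner": "platform-team", "expires": "2099-01-01",
     "reason": "setting is overridden by the hardened base image at deploy time"},
]


def active_exceptions(exceptions, today):
    """Return the ids of exceptions whose expiry date has not passed."""
    return {e["id"] for e in exceptions
            if date.fromisoformat(e["expires"]) >= today}


def evaluate(report_json, exceptions, threshold="high", today=None):
    """Return (passed, blocking_findings) for a findings report.

    A finding blocks the build when it is still open, its severity is at or
    above the threshold, and no unexpired exception covers it.
    """
    today = today or date.today()
    waived = active_exceptions(exceptions, today)
    min_rank = SEVERITY_RANK[threshold]
    blocking = [
        f for f in json.loads(report_json)["findings"]
        if f["status"] == "open"
        and SEVERITY_RANK.get(f["severity"], 0) >= min_rank
        and f["id"] not in waived
    ]
    return (len(blocking) == 0, blocking)


def main():
    passed, blocking = evaluate(SAMPLE_REPORT, SAMPLE_EXCEPTIONS)
    for f in blocking:
        print(f"BLOCKING {f['id']} [{f['severity']}] {f['category']} "
              f"in {f['component']}")
    print("gate passed" if passed else "gate failed")
    # A non-zero exit status is what makes the CI stage fail.
    sys.exit(0 if passed else 1)


if __name__ == "__main__":
    main()
```

Run as the last step of the test stage; with the sample data the gate fails on F-1 (an open high-severity dependency flaw), lets the fixed F-4 and the below-threshold F-2 through, and honours the documented exception for F-3 only until its expiry date.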

Cybercriminals frequently search for coding errors and vulnerabilities in internet-facing business applications. When they find one, they often use it to deploy web shells on the exposed endpoint, gaining a foothold in the company network. After mapping the network and discovering devices and data, they launch the second stage of the attack, which is frequently ransomware, other malware, or data wipers.