A new Veracode study shows that 82 percent of applications in the public sector exhibit security flaws and that 60 percent of vulnerable third-party libraries in the sector remain unresolved after two years.
Veracode said Tuesday it analyzed data gathered from 20 million scans across half a million applications for the annual State of Software Security report and found that the public sector has an overall fix rate of 22 percent.
“Organizations in this sector must act with urgency,” said Chris Eng, chief research officer at Veracode.
“They can improve their secure DevOps practices significantly by using multiple types of scanning—static, dynamic, and software composition analysis—to get a more complete picture of an application’s security, which in turn will help them to improve remediation times, comply with industry regulations, and make the case for increasing application security budgets,” added Eng.
According to the study, the public sector showed progress in fixing high severity flaws: such flaws were observed in only 16 percent of the sector’s applications. There was also a 30 percent drop in the number of high severity flaws, reflecting government agencies’ understanding of the software security guidelines outlined in the cybersecurity executive order.
“We think that the progress made against high security flaws is a great starting point and support all public sector agencies who seek to gain better control over their software supply chains,” Eng said.