Business Wire

Healthcare Sector Leads the Way for Fix Rate of Software Security Flaws

Share

Veracode, a leading global provider of application security testing solutions, today revealed that the healthcare sector takes first place for the proportion of software security flaws that are fixed, at 27 percent. The sector overtook financial services as the top-performing industry, demonstrating healthcare providers have made good headway toward the goal of making their software more secure over the past year.

The data was published in the company’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the healthcare, financial, technology, manufacturing, retail, and government sectors.

Chris Eng, Chief Research Officer at Veracode, said, “Healthcare is one of the more highly regulated sectors and is considered critical infrastructure by the government, so it’s encouraging to see the sector performs comparatively well in terms of overall flaw remediation. We hope healthcare developers and IT staff see this as a welcome ray of sunshine amidst the all-too-often gloomy realm of software security. There is still work to do, so here’s to more improvements in the years to come.”

Despite taking the top spot for fix rate, 77 percent of applications in the healthcare industry contain vulnerabilities, with 21 percent of applications containing high severity vulnerabilities. The sector also has ample room for improvement in terms of the time spent to fix flaws once they’re detected, taking up to a whopping 447 days to reach the halfway point of remediation.

Healthcare Breach Costs Are the Most Expensive

With healthcare companies incurring the highest average breach costs, at a new record high of $10.1 million*, taking proactive steps to minimize the risk of a cyberattack is imperative. Since data breaches in highly regulated industries tend to be associated with larger long-term costs that accrue over the ensuing years, the industry would benefit from even greater comprehensive efforts to address security earlier in the software development lifecycle.

Of the six industries analyzed, healthcare providers rank toward the bottom for the proportion of applications with any flaws, and second to last for the percentage of high-severity flaws—defined as those that present a serious risk to the application and organization if they were to be exploited. When it comes to the types of flaws discovered from dynamic analysis of applications in the sector, compared to other industries healthcare providers perform well for authentication issues and insecure dependencies, but have a higher incidence of cryptographic and deployment configuration issues.

Eng said, “We know that no application will ever be 100 percent free of security flaws, so it’s important that businesses take all necessary steps to minimize risk as much as possible. This includes scanning at a regular, rapid pace using multiple testing types, integrating testing tools into developer environments, and providing hands-on training to help developers understand the origin of flaws and how to fix or prevent them entirely. The healthcare sector should also take extra care to prioritize critical flaws—those vulnerabilities that could have a catastrophic impact if left unaddressed for too long.”

Andrew McCall, Vice President of Engineering, Azalea Health Innovations, said, “The biggest obstacle to building security into our workflows is that developers will treat security as just a checkbox. But security is an ongoing process and has to be top of mind throughout the software development life cycle. We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”

Third-party Library Security

Considering a sharp increase in regulations to secure the software supply chain over the past year, the report analyzed third-party libraries to identify how vulnerabilities discovered through software composition analysis (SCA) behave. Overall, around 30 percent of vulnerable libraries remain unresolved after two years; however, that statistic reduces to 25 percent for the healthcare sector. In fact, while the overall ratio of vulnerable libraries found by SCA trends down steadily over time, healthcare experienced a brief upward spike before driving rates down dramatically over the last year or so.

The Veracode State of Software Security v12 healthcare snapshot is available to download here and the full report is available here.

* IBM Security and The Ponemon Institute, “Cost of a Data Breach Report 2022”: https://www.ibm.com/downloads/cas/3R8N1DZJ, July 2022

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.

The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Katy Gwilliam
kgwilliam@veracode.com

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Q4 Inc. Recognized as one of Canada's Top Growing Companies by The Globe and Mail23.9.2022 23:09:00 EEST | Press release

Q4 Inc. (TSX:QFOR), (“Q4” or “the Company”) is pleased to announce their ranking on the 2022 Report on Business of Canada’s Top Growing Companies. Canada’s Top Growing Companies ranks Canadian companies on three-year revenue growth. Q4 Inc. earned its spot with three-year growth of 220%. “We are honored to be recognized as one of Canada’s Top Growing Companies for the third consecutive year by The Globe and Mail,” remarked founder and CEO, Darrell Heaps. “We are extremely proud of the growth we have achieved together as a company and this recognition is a true reflection of the dedication our employees have to helping our clients win in the capital markets.” Canada’s Top Growing Companies is an editorial ranking that was launched in 2019. It aims to celebrate the boldest entrepreneurial achievement by identifying and bringing the accomplishments of innovative businesses in Canada to the forefront. In order to qualify for this voluntary programs; companies had to complete an in-depth ap

PCT International Hires Dynamic CFO23.9.2022 22:40:00 EEST | Press release

PCT International’s continued resurgence in the broadband and telecommunications market received a boost from the hiring of Simit Shah as Chief Financial Officer. With 20 years of domestic and global treasury, capital markets, and corporate finance experience, Shah is excited to showcase PCT’s strength to the market. Shah will influence the evaluation and structuring of financing strategies, leveraging his experience to drive business transformation from his previous roles. Shah holds a B.S. in Chemistry from Villanova University and an M.B.A from the University of Michigan Ross School of Business. “PCT’s 25-year commitment to innovation, made this an easy choice for me to join their robust team in Tempe,” said Shah. In his previous positions, Shah successfully negotiated, structured, and managed multiple financing facilities and strategies, including being an integral member of the team that transitioned the largest publicly traded proprietary education company to a privately held ent

GCCA: Cement and Concrete Industry Scales Up Carbon Capture, Utilisation and Storage (CCUS) Efforts to Accelerate Decarbonisation23.9.2022 19:30:00 EEST | Press release

The Clean Energy Ministerial CCUS (CEM CCUS) and the Global Cement and Concrete Association (GCCA) have today, at the first-ever Global Clean Energy Action Forum (GCEAF), announced an agreement that will help scale up the deployment of carbon capture, utilisation and storage (CCUS) throughout the cement and concrete industry, in a move to stimulate innovation, investment and increase the pace of decarbonisation efforts. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220923005359/en/ Major CCUS industry and government collaboration announced at Global Clean Energy Action Forum (GCEAF) in Pittsburgh, USA. Left to right: Thomas Guillot, CEO of the Global Cement and Concrete Association, Henriette Nesheim, Assistant Director General, Norwegian Ministry of Petroleum and Energy – and CEM CCUS Initiative Co-Lead from Norway, Brad Crabtree, Assistant Secretary, Fossil Energy and Carbon Management, US Department of Energy (Photo: Bus

Justin Boxford Appointed Global Brand President, Estée Lauder23.9.2022 16:00:00 EEST | Press release

Today, The Estée Lauder Companies (NYSE:EL) announced that Justin Boxford has been appointed Global Brand President, Estée Lauder, effective September 1, 2022. Justin succeeds Stéphane de La Faverie, whose promotion to Executive Group President was part of an organizational evolution announced last week. In his new role, Justin is reporting to Stéphane and will continue to serve on the company’s Executive Leadership Team (ELT). This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220923005308/en/ Justin Boxford appointed Global Brand President, Estée Lauder; photo courtesy of Kevin Trageser. As Global Brand President, Justin will be responsible for driving Estée Lauder’s short- and long-term strategy, including innovation, product development, North America and international growth, consumer marketing and distribution evolution. He will partner closely with members of the global Estée Lauder leadership team to drive the brand’s su

XPENG G9 Equipped with Dual Automotive-Grade LiDAR Sensors from RoboSense23.9.2022 15:00:00 EEST | Press release

RoboSense, a world-leading provider of Smart LiDAR Sensor Systems announced XPENG G9 equipped with two RoboSense second-generation Smart Solid-state LiDARs (RS-LiDAR-M1). On September 21, XPENG Motors held the “G9 Flagship SUV Immersive Experience” online launch event and officially launched XPENG G9. XPENG G9 is positioned as “the world’s Fastest-Charging electric SUV”. It achieved a breakthrough and went going from development of “independent functions” to “global intelligence”. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220923005230/en/ XPENG G9 equipped with two RoboSense second-generation smart solid-state LiDARs, to realize full-scenario intelligent driver assistance. (Graphic: Business Wire) G9 further demonstrates XPENG’s innovation in the field of intelligence. From the early functions of autonomous parking, voice control to driver assistance, G9 uses XPENG’s second-generation ADAS, XNGP, equipped with two RoboS

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom