Applications used by public sector organizations contain more flaws than those used by private sector firms, which significantly increases the chances an attack might expose sensitive data.
This is according to a new report from application security testing company Veracode, which claims that four in five apps used in the public sector have at least one flaw. The problem, according to the report, is that most organizations work with large applications that contain older codebases.
The good news, however, is that fewer than a quarter (23 percent) of those flaws can be considered high severity, which cannot be said of other industries. Developers are also modernizing their approach and finding and fixing flaws faster than before.
To improve the security of these apps, Veracode suggests organizations automate scanning with APIs, scan throughout the development process, and prioritize fixing flaws as much as possible.
“Most application issues in the government and education sector are not catastrophic. By continuing to adopt DevSecOps practices like scanning applications for defects consistently and using multiple testing types, developers in these organizations can begin making leaps toward more secure code,” said Chris Eng, Chief Research Officer at Veracode.