
Almost all Java apps contain one component with a security vulnerability


October 18, 2016

According to a new report published by app security firm Veracode, an incredible 97.3 percent of all Java applications in use today contain at least one component with a known security vulnerability.

More specifically, Veracode asserts that year-over-year improvements in the code that various organizations write are somewhat undone by the increasing proliferation of security risks from open source and third party component use.

For instance, a single popular component with a critical security vulnerability spread to more than 80,000 other software components, which were in turn used in the development of potentially millions of programs with known security issues, some of them dating back to 2011.
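The propagation described above is a graph problem: one vulnerable artifact is pulled in by libraries, which are pulled in by applications, so the blast radius is the set of everything that reaches the bad version transitively. The following Python script is an added example, not part of the original article or of any Veracode tooling, and every coordinate, version and the advisory identifier in it are constructed placeholders. It walks a reverse dependency graph from the affected versions outward and reports every component that inherits the flaw, while leaving components pinned to a fixed version untouched.

```python
"""Transitive impact of one vulnerable component in a dependency graph.

Constructed example: the graph, advisory and version numbers below are
invented for illustration and do not correspond to any real library.
"""
from collections import deque

# Constructed dependency graph: each key is "group:artifact:version",
# each value lists the coordinates it depends on directly.
DEPENDENCY_GRAPH = {
    "app:web-frontend:1.0": ["lib:http-client:4.3", "lib:json-mapper:2.1"],
    "app:batch-job:3.2": ["lib:json-mapper:2.1"],
    "app:reporting:0.9": ["lib:pdf-render:1.4"],
    "lib:http-client:4.3": ["lib:commons-io:2.2"],
    "lib:json-mapper:2.1": ["lib:commons-io:2.4"],
    "lib:pdf-render:1.4": ["lib:commons-io:2.7"],
    "lib:commons-io:2.2": [],
    "lib:commons-io:2.4": [],
    "lib:commons-io:2.7": [],
}

# Constructed advisory with a placeholder id: versions >= 2.0 and < 2.5 are affected.
ADVISORY = {
    "id": "ADV-PLACEHOLDER-0001",
    "artifact": "lib:commons-io",
    "min_affected": "2.0",
    "fixed_in": "2.5",
}


def parse_version(version):
    """Turn a dotted numeric version into a tuple so it compares numerically."""
    return tuple(int(part) for part in version.split("."))


def split_coordinate(coord):
    """Split 'group:artifact:version' into ('group:artifact', 'version')."""
    group, artifact, version = coord.split(":")
    return f"{group}:{artifact}", version


def is_affected(coord, advisory):
    """True when the coordinate names the advisory's artifact at an affected version."""
    name, version = split_coordinate(coord)
    if name != advisory["artifact"]:
        return False
    v = parse_version(version)
    return parse_version(advisory["min_affected"]) <= v < parse_version(advisory["fixed_in"])


def reverse_graph(graph):
    """Map each coordinate to the coordinates that depend on it directly."""
    reverse = {node: [] for node in graph}
    for node, deps in graph.items():
        for dep in deps:
            reverse.setdefault(dep, []).append(node)
    return reverse


def transitively_affected(graph, advisory):
    """Return, sorted, every coordinate that is the affected artifact or depends on it."""
    reverse = reverse_graph(graph)
    seeds = [coord for coord in graph if is_affected(coord, advisory)]
    seen = set(seeds)
    queue = deque(seeds)
    while queue:  # breadth-first walk up the dependants
        node = queue.popleft()
        for dependant in reverse.get(node, []):
            if dependant not in seen:
                seen.add(dependant)
                queue.append(dependant)
    return sorted(seen)


def affected_applications(graph, advisory):
    """Only the top-level 'app:' coordinates that inherit the vulnerability."""
    return [c for c in transitively_affected(graph, advisory) if c.startswith("app:")]


if __name__ == "__main__":
    for coord in transitively_affected(DEPENDENCY_GRAPH, ADVISORY):
        print(f"{ADVISORY['id']} reaches {coord}")
```

In the constructed graph, `lib:commons-io` at 2.2 and 2.4 is affected, so both libraries that use those versions and the two applications above them inherit the flaw, while `app:reporting` is clean because `lib:pdf-render` already pins the fixed 2.7 release. Run against a real SBOM or dependency tree export, the same walk tells you which deployables need a rebuild after a single upstream advisory.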

“The prevalent utilization and re-use of open source components in the software development industry is creating unmanaged, systemic risks across thousands of companies and hundreds of industries,” warned Brian Fitzgerald, CMO at Veracode.

The Veracode spokesperson also underscored the very slow progress, and the many remaining challenges, in software development more generally.

It is disturbing to read that about 62.8 percent of Java and other applications fail the most basic security policies on their first scan, Veracode warned.

Overall best practices in secure software development today are emerging somewhat, but they’re still not pervasive enough to make any significant difference across the software development market as a whole.

However, one positive improvement recently came from the practice among more forward-thinking organizations of giving software developers more power to improve Java security.

For example, if software developers used 'sandbox' technology to scan apps prior to assurance testing, this would probably result in an improved and safer environment for all concerned.

Training developers of software and complex systems can make an even bigger difference when it is done thoroughly. Practices such as remediation coaching and eLearning can improve vulnerability fix rates by a wide margin, with a sixfold increase in some cases, according to Veracode.

DevOps practices are taking hold among a few industry leaders that have established mature application security programs, but the problem is that this is still happening on a very small scale.

For example, the average number of security tests per application is just six or seven at most, while some apps are scanned 600 to 700 times. There do not appear to be any security standards when it comes to Java, notes Veracode.

Building security into DevOps processes can yield some very good results for organizations in reducing security risks and without slowing down software development, Veracode asserts.

Despite improvements in some segments, web application development today remains very fragile. More than 52.5 percent of all internet applications tested with Veracode's tools were affected by misconfigured 'secure communications' settings that were not in fact secure, or by similar shortcomings in their security defences, all related to Java programming.

Veracode's 'Software Security Report', available on its website, covers metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments, performed with Veracode's software audit tools over the last year and a half.

Source: Veracode.
