Government ranks bottom for app security, financial services on top

Web and mobile applications produced or used by government are the least likely to adhere to standard security policies such as the OWASP Top 10 when initially assessed for risk.

This is according to a new report, 2015 State of Software Security, which was put together by threat protection firm Veracode.

The company used its cloud-based platform to analyse data to reveal how a variety of different sectors approach security for their applications.

According to the research, government organisations only report 27 per cent of application vulnerabilities once they are detected, placing the sector last among the seven industries analysed.

Government also had the highest incidence of SQL injection vulnerabilities, which are commonly used to steal sensitive information from databases.

"Every industry faces the challenge of securing web and mobile applications - which are continuously growing in both volume and complexity - across disparate and geographically-distributed development teams," claimed Chris Wysopal, Veracode CISO and CTO.

"In 2014, we helped out customers identify and remediate 4.7 million vulnerabilities, significantly reducing enterprise risk. This report clearly shows that industries that 'get it' have been able to achieve substantial success while others still struggle to manage the problem at scale," he added.

While government ranked bottom, financial services and manufacturing demonstrated the best security. Retail, hospitality and healthcare fared only a little better than government.

Despite the volumes of sensitive information that healthcare organisations hold, Veracode claims to have found that 80 per cent of applications in the industry exhibit cryptographic issues such as weak algorithms.

Meanwhile, only 43 per cent of vulnerabilities found in the healthcare sector are remediated.