Insecure code putting business data at risk

Many organisations rely on insecure code for mission-critical functions, with the UK scoring worst for security, according to a new report.

Research by CAST, which analysed more than a billion lines of code across 1,850 applications, found that “a significant amount” of insecure code is in use.

Financial services organisations were found to be the most at-risk because of the code they use, followed by retailers and telecommunications firms. The report found that government organisations used the most secure code.

“Lack of security architecture combined with porous code in legacy systems produces easy targets for hackers,” said Dr Bill Curtis, senior vice president and chief scientist at CAST Research Labs, commenting on the findings.

“This is especially concerning in financial services applications. Despite the push to go digital, our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”

The report found that smaller teams produce better code, with groups of more than 20 performing worst. The “sweet spot” was found to be 10 team members.

In terms of project management, the highest scoring code in the report was written using hybrid methods combining features from the agile and waterfall methods.

Secure code is essential to protecting both valuable intellectual property and customer data, the theft of which could land businesses in regulatory hot water.

The European Union’s new General Data Protection Regulation, which comes into full effect in May 2018, threatens fines of up to €20 million (£17.5 million) or four per cent of global turnover for breached firms that are seen to have done too little to protect their customers’ data.

Copyright Lyonsdown Limited 2021
