Insecure code putting business data at risk


Microsoft has urged nations to report vulnerabilities rather than stockpile, sell, or exploit them for their own gain.

Many organisations rely on insecure code for mission-critical functions, with the UK scoring worst for security, according to a new report.

Research by CAST, which analysed more than a billion lines of code across 1,850 applications, found that “a significant amount” of unsecured code is in use.

Financial services organisations were found to be the most at-risk because of the code they use, followed by retailers and telecommunications firms. The report found that government organisations used the most secure code.

“Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers,” said Dr Bill Curtis, senior vice president and chief scientist at CAST Research Labs, commenting on the findings.

“This is especially concerning in financial services applications. Despite the push to go digital, our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”

The report found that smaller teams produce better code, with groups of more than 20 performing worst. The “sweet spot” was found to be 10 team members.

In terms of project management, the highest scoring code in the report was written using hybrid methods combining features from the agile and waterfall methods.

Secure code is essential to protecting both valuable intellectual property and customer data, the theft of which could land businesses in regulatory hot water.

The European Union’s new General Data Protection Regulation, which comes into full effect in May 2018, threatens fines of up to €20 million (£17.5 million) or four per cent of global turnover for breached firms that are seen to have done too little to protect their customers’ data.


Copyright Lyonsdown Limited 2021
