Many organisations rely on insecure code for mission-critical functions, with the UK scoring worst for security, according to a new report.
Research by CAST, which analysed more than a billion lines of code across 1,850 applications, found that “a significant amount” of unsecured code is in use.
Financial services organisations were found to be the most at-risk because of the code they use, followed by retailers and telecommunications firms. The report found that government organisations used the most secure code.
“Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers,” said Dr Bill Curtis, senior vice president and chief scientist at CAST Research Labs, commenting on the findings.
“This is especially concerning in financial services applications. Despite the push to go digital, our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”
The report found that smaller teams produce better code, with groups of more than 20 performing worst. The “sweet spot” was found to be 10 team members.
In terms of project management, the highest-scoring code in the report was written using hybrid methods that combine features of the agile and waterfall approaches.
Secure code is essential to protecting both valuable intellectual property and customer data, the theft of which could land businesses in regulatory hot water.
The European Union’s new General Data Protection Regulation, which comes into full effect in May 2018, threatens fines of up to €20 million (£17.5 million) or four per cent of global turnover for breached firms that are seen to have done too little to protect their customers’ data.