VeraCode says that 58 percent of applications submitted to the company for verification don’t achieve an acceptable security rating. Internally developed software fares the worst, with 88 percent of apps failing to meet security standards.Other key findings in the report include the following:
- Open source projects have comparable security, faster remediation times, and fewer Potential Backdoors than Commercial or Outsourced software.
- A significant amount of Commercial and Open Source software is written in C/C++ making it disproportionately susceptible to vulnerabilities that allow attackers to gain control of systems.
- The pervasiveness of easily remedied vulnerabilities indicates a lack of developer education on secure coding.