Retail and hospitality outpaces other sectors in fixing software security vulnerabilities

Veracode, one of the largest global providers of application security testing (AST) solutions, released new findings that show the retail and hospitality sector fixes flaws in its software at a faster rate than five other sectors. The findings come from Veracode’s analysis of more than 130,000 applications.

The ability to find and fix potential security defects quickly is a necessity, particularly in an industry that requires rapid response to changing customer demands. Retail and hospitality also track a high volume of personal information about consumers through loyalty cards and membership accounts, tying into marketing data from third parties, which is enabled by more software. Web application attacks are the primary vector for breaches in retail, with personal or payment data exploited in about half of all breaches, according to the 2020 Verizon Data Breach Investigations Report.

The research found 76% of applications in the retail and hospitality sector have at least one flaw, which is about average when compared to economic sectors such as financial services, technology, healthcare and others. However, 26% of application flaws are high-severity issues – the second-largest proportion among all six sectors – that require urgent attention.

Veracode research shows that the retail and hospitality industry ranks second-best for overall fix rate: half of its flaws are remediated in just 125 days, nearly one month faster than the next-fastest sector. While this may seem lengthy, half of flaws across all industries remain unfixed for much longer and may never be fixed at all.

“Retail and hospitality companies face the dual pressure of being high-value targets for attackers while also requiring software that allows them to be highly responsive to customers and compliant with industry regulations such as PCI,” said Chris Eng, Chief Research Officer at Veracode. “Developers in the retail and hospitality sector appear to do a better job than others when dealing with issues related to information leakage and input validation. Using API-driven scanning and software composition analysis to scan for flaws in open source components offers the most opportunity for improvement for development teams in the retail sector.”
