News Releases

Keep up to date with the latest Black Duck news and subscribe to email alerts.

New Black Duck Research Finds High-Risk Sectors Riddled with Critical Vulnerabilities

Finance and Insurance sectors found to have the highest number of critical vulnerabilities

BURLINGTON, Mass., Nov. 12, 2024 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck") today announced the publication of the "2024 Software Vulnerability Snapshot" report highlighting various industries' unique challenges and approaches to addressing software vulnerabilities. The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by Black Duck on approximately 1,300 applications across 19 industry sectors from June 2023 to June 2024, found significant variations in vulnerability types and remediation practices. 

The findings provide insights into the current state of security for web-based applications and systems, and the potential impact of security vulnerabilities on business operations in high-risk sectors such as Finance, Insurance, and Healthcare. Notably, the report identified that the Finance and Insurance sector had the highest number of critical vulnerabilities (1,299), and the Healthcare and Social Assistance sector had the second-highest (992) within the data set.

Of the 96,917 total vulnerabilities identified, the two most critical categories were cryptographic failures (weaknesses in how an application secures sensitive information), with over 30,000 instances, and injection vulnerabilities (when malicious code tricks an application into executing unintended actions or accessing data without proper authorization), with just over 4,800 instances. Both pose significant threats to data across all industries, and potential breaches could lead to the theft of personally identifiable information (PII), financial data, and medical records, resulting in severe financial losses and reputational damage. 

Additionally, the report found that there's no one-size-fits-all timeline for remediation approaches. In fact, there's significant variance when it comes to the mean time to remediate (MTTR) across industries, with stringent regulations forcing Finance and Insurance to move quicker (28 days for smaller/lower complexity web assets), compared to the Utilities sector, which had the longest time to close (107 days for smaller/lower complexity web assets). This is likely due to the sector operating on legacy systems that are difficult to patch and update.

Operational disruptions pose a large business risk, no matter the industry. The research found that widespread security misconfigurations (98% of applications affected) threaten business continuity and service availability.

"The high number of vulnerabilities found from the past year is a clear wake-up call that businesses cannot remain stagnant when deploying new security measures," said Jason Schmitt, Chief Executive Officer at Black Duck. "The longer it takes for an organization to patch a vulnerability, the larger the chance of exploitation. Software risk equates to business risk, and with today's malicious actors being more sophisticated than ever, it's increasingly important that businesses across every sector build trust in their software by implementing a comprehensive and integrated approach."  

To learn more, download a copy of the "2024 Software Vulnerability Snapshot" report, read the detailed blog post, or register for the upcoming November 26 webinar

About Black Duck
Black Duck®, formerly known as the Synopsys Software Integrity Group, offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. Learn more at www.blackduck.com.

 

SOURCE Black Duck Software

For further information: Liz Samet, Black Duck, 336.414.6753, esamet@blackduck.com
Sign up to receive the latest news to your email.