Retailers Fix Software Flaws Quickly, Despite Continued Code Quality Issues

During this holiday season, retailers learn to adapt and fix code quality issues faster than ever.

by Laura Paine · Dec. 10, 18 · News

The 2018 holiday shopping season is off to a record-breaking start, thanks to consumers’ growing comfort with making online purchases and an increasing number of retailers offering Black Friday pricing starting on Thanksgiving. In fact, in the first two days of the shopping season, online retailers saw nearly $10 billion in sales, with Adobe reporting that consumers in the U.S. alone spent $6.2 billion on Black Friday. For many, the ability to complete holiday shopping online and avoid crowded parking lots and throngs of people in a shopping center or mall is a relief. This may even trump any concerns they may have about privacy or fraud as they use credit cards and apps to make their purchases.

Retail’s State of Software Security Receives High Marks – Yet, There’s More to Be Done

The good news is that Veracode’s State of Software Security Volume 9 (SOSS Vol. 9) found that retail is faster than most industries — second only to healthcare — when it comes to addressing common vulnerabilities found in software, thereby reducing risk exposure. Through our flaw persistence analysis, which looks at how long a flaw lingers after the first discovery, we found that the retail industry remediates a quarter of its vulnerabilities in 14 days, and 50 percent of flaws in 64 days. Retail outpaced the average fix speed across all industries at every interval, consistent with its urgency to close vulnerabilities.

However, two-thirds (66 percent) of applications retailers use are at risk from information leakage attacks. This means that an application may reveal sensitive data that an attacker can then use to exploit the web application, its hosting network, or the user. Retail reported the third-most information leakage issues after technology and financial services. SOSS Vol. 9 also shows that the retail industry has the highest number of code quality flaws when compared to all other verticals at 65 percent. Code quality is the third most common vulnerability category across the board, following information leakage and cryptographic issues, suggesting that developing quality, secure code is an industry-wide issue for the retail sector.

“Vulnerabilities in applications can allow attackers seeking sensitive information such as consumer payment data a way in,” said Paul Farrington, Director of EMEA and APJ at Veracode. “Many retailers are showing an aptitude for remediating flaws quickly to help improve security and protect their high-value information. This is promising, yet the persistence and prevalence of vulnerabilities that continue to plague retailers call for both increased speed of fix and better prioritizing which flaws to fix first.”

Secure Software Development Education and the Skills Gap

It is estimated that 3.5 million cybersecurity jobs will go unfilled by the year 2020. Our research shows that 76 percent of developers say that security and secure development education is necessary – but not offered in current curriculums – so this hardly comes as a surprise. The onus falls on organizations such as retailers to ensure that their development teams receive the necessary education and are equipped with the appropriate tooling to make security a priority in the software development process.

As the retail industry offers new ways to buy, pick up, and ship goods, it is also expanding the threat landscape by producing a wider portfolio of web applications. It will be critical for retailers to ensure their developers have what they need to keep their systems and their customers’ sensitive information safe from potential cyber attacks.

To learn more about the retail industry’s security hygiene, download the free Retail Industry Infosheet.


Published at DZone with permission of Laura Paine, DZone MVB. See the original article here.
