Quarter of Healthcare Apps Contain High Severity Bugs

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode.





The security vendor broke out sector-specific data collected for its State of Software Security report and claimed that three-quarters (75%) of healthcare applications contained some kind of vulnerability.





This is about on par with the cross-sector average, which stands at 76%.





The sector fixes 70% of the flaws it finds, which puts it behind several other verticals in terms of total volume addressed. However, those it does tackle are fixed faster, on average, than in any other industry except retail.





Veracode claimed that this is because apps in healthcare are often smaller in size, relatively new and have a lower density of bugs than software in verticals like tech, financial services, manufacturing and government.





HCOs do a better job than most at handling CRLF injection and cryptography-related bugs, both of which are important in helping to protect personally identifiable information (PII).





However, the sector is still not scanning apps for issues regularly enough and is the least likely of any vertical to scan for flaws in open source components. These are a major source of cyber risk: a Sonatype study last year found that a fifth (21%) of reported breaches over the previous 12 months were linked to the use of these third-party components.





Veracode argued that a failure to scan frequently for flaws means many are going unfixed and could therefore be e ..
