A recent report by Black Duck Software reveals alarming vulnerabilities across various industries, particularly in Finance and Insurance, which recorded the highest number of critical vulnerabilities at 1,299. The "2024 Software Vulnerability Snapshot," based on over 200,000 dynamic application security testing (DAST) scans from June 2023 to June 2024, highlights the urgent need for improved security practices in sectors like Finance, Insurance, and Healthcare.
Overall, the report identified 96,917 vulnerabilities, with cryptographic failures and injection vulnerabilities representing the most significant threats. Cryptographic failures alone accounted for over 30,000 instances, exposing sensitive data to potential breaches, while injection vulnerabilities exceeded 4,800. These weaknesses can lead to the theft of personally identifiable information (PII), financial data, and medical records, resulting in severe economic repercussions and reputational damage for affected organisations.
The study also underscored the variability in remediation timelines across industries. The Finance and Insurance sectors, faced with stringent regulations, typically resolve vulnerabilities in an average of 28 days for lower-complexity web assets. In contrast, the utility sector takes significantly longer—averaging 107 days—largely due to reliance on legacy systems that are challenging to update.
The report emphasised the pervasive risk of security misconfigurations, affecting 98% of applications, which endangers business continuity.
“This high number of vulnerabilities is a clear wake-up call that businesses cannot remain stagnant when deploying new security measures,” stated Jason Schmitt, CEO of Black Duck. “The longer it takes to patch a vulnerability, the greater the risk of exploitation. Software risk equates to business risk, and with today’s sophisticated threats, organisations must build trust in their software through a comprehensive and integrated security approach.”