Government is worst industry sector for fixing security vulnerabilities, claims Veracode

Veracode report suggests government fixes just 27 per cent of detected application vulnerabilities

Government is the worst-performing sector at fixing security vulnerabilities in the websites and mobile applications it has produced, a new report has warned.

The 2015 State of Software Security Report by Veracode assessed 34 different sectors and concluded that government is more likely than other industries to fail to implement standard security policies.

Veracode found that organisations in government only remediate 27 per cent of application vulnerabilities after they're detected, making it the worst sector for fixing security vulnerabilities.

The report also claimed that web and mobile applications used by government have the highest prevalence of SQL injection vulnerabilities, making sensitive government data vulnerable to theft by cyber criminals.

The damning judgement comes shortly after a previous report suggested that only 10 per cent of chief technology officers rate the performance of the government in preventing cyber attacks as 'good'.

Healthcare, retail and hospitality also ranked poorly for fixing vulnerabilities, while financial services and manufacturing were ranked best for application security. Organisations in financial services remedy 65 per cent of discovered vulnerabilities, while in manufacturing the figure rises to 81 per cent.

According to the 2015 State of Software Security Report, one of the key reasons government security is so poor is that it relies on outdated programming languages, such as Adobe ColdFusion, which was developed in the mid-1990s and is known to produce more vulnerabilities.

"Every industry faces the challenge of securing web and mobile applications - which are continuously growing in both volume and complexity - across disparate and geographically-distributed development teams," said Chris Wysopal, Veracode chief information security officer and CTO.

"In 2014, we helped our customers identify and remediate 4.7 million vulnerabilities, significantly reducing enterprise risk. This report clearly shows that industries that 'get it' have been able to achieve substantial success while others still struggle to manage the problem at scale," he added.

Veracode's State of Software Security Report is based on code-level analysis of billions of lines of code uploaded to the company's cloud platform by customers in different sectors across the globe.

The data was collected over a period of 18 months, with a total of 208,670 application scans performed on the cloud-based platform.