96 percent of applications have security vulnerabilities -- and it's getting worse... or better
Publishing its Application Vulnerability Trends Report, Cenzic states that virtually all of the applications it tested had at least one security vulnerability. A staggering 96 percent of apps exhibited security issues, and it looks as though things are on a downward spiral.
In a similar report published last year, it was found that the median number of flaws was 13; this year it has increased to 14. So it appears as though things are getting worse... but is this the full story?
This is something that will be of particular concern where employees are increasingly bringing their own laptops and tablets into the work environment rather than relying on company-supplied and controlled devices. Especially worrying is the rise in security problems in mobile devices. Cenzic found that more than 80 percent of mobile apps had "excessive privileges" or violated privacy. The move to the cloud has been broadly welcomed, but it has also brought with it a range of problems.
An increasing number of web services and applications are in use, and there are concerns about how many are sharing sensitive, private data with third parties. In fact, almost a quarter of the security problems found related to such "information leakage" as Cenzic rather quaintly puts it. There have been a number of very high profile security issues in recent months -- Target, Adobe, etc -- affecting millions of people around the world, highlighting just how important security is. It is also proving incredibly costly, with companies generally responding retrospectively rather than proactively bolstering security; all at a global cost of $300 billion.
But while these figures may not sound all that great, there are signs of improvement. Despite the increased number of problems with mobile apps, and the slight jump in the median number of flaws, there is an overall downward trend. Back in 2012, an almost unbelievable 99 percent of applications were found to have security vulnerabilities, so things have improved to the tune of three percentage points. Cenzic points out that there is a shortage of "skilled application security professionals", so brush up on your skills and you could make yourself highly employable.