Over a quarter of retail apps have serious security flaws
A side effect of the pandemic over the last year has been that online shopping has boomed. But a new study from Veracode reveals that 76 percent of apps in the retail and hospitality sector contain flaws, with 26 percent having high-severity issues that require urgent attention.
Compared to other industries, however, retail and hospitality ranks second-best for overall fix rate with half of flaws remediated in just 125 days, nearly one month faster than the next-fastest sector. While this may seem lengthy, half of flaws across all industries remain unfixed for much longer and some may never be fixed at all.
Businesses in this sector track a high volume of personal information about consumers through loyalty cards and membership accounts, and tie it into marketing data from third parties, all of which depends on ever more software. This makes them attractive targets and means that the ability to find and fix potential security defects quickly is a necessity.
"Retail and hospitality companies face the dual pressure of being high-value targets for attackers while also requiring software that allows them to be highly responsive to customers and compliant with industry regulations such as PCI," says Chris Eng, chief research officer at Veracode. "Developers in the retail and hospitality sector appear to do a better job than others when dealing with issues related to information leakage and input validation. Using API-driven scanning and software composition analysis to scan for flaws in open source components offers the most opportunity for improvement for development teams in the retail sector."
The industry fares well when comparing the prevalence of common flaw types, trending lower in categories like information leakage and input validation compared to other sectors. But Veracode's research finds that developers in the retail sector struggle with encapsulation, SQL injection, and credential management issues.
The full report is available from the Veracode site.
Photo Credit: Digital Storm/Shutterstock