Sloppy Software: Serious Security Situation

You’d think we’d learn — that the feedback loop of “ouch, that hurts, not gonna do that again” would be in full effect.
Well, uh, it seems that not everyone got the memo.
(By the way, try searching for a “sloppy” image and see just how many photo variations of a certain type of edible dish come up — so I had to revert to “messy”. Apologies…)
Emphasis in red added by me.
Brian Wood, VP Marketing
———-

Software is getting sloppier

Study: Fewer apps met security standards this year than last year
Software has never been very secure, they say, but it may be getting even less so.
An analysis by security firm Veracode recently found that 70 percent of applications fail to comply with security policies, beating out last year’s 60 percent, reports Don Reisinger at CIO Insight.
Nearly one-third of attacks on business come in through SQL injections, which are getting easier for hackers, according to Veracode.
Viruses, in contrast, have subsided. While at one time viruses were the biggest threat to data security, they now account for only 2 percent of data loss cases.
As for mobility, cryptographic assaults are the biggest problem, accounting for 64 percent of all attacks on the Android platform and 58 percent on iOS.
Complicating the security landscape is the high turnover among chief information security officers, who these days stay at a job an average of 18 months.
Fierce’s Take: This seems like important news to me, but I’m not convinced anybody really cares. Is there anybody reading this who is outraged about sloppy software? Anyone? Anyone?
http://www.fiercecio.com/story/software-getting-sloppier/2013-05-11
——–

Software Gets More Insecure, Not Less

It’s no surprise the enterprise is worried about security. For decades now, companies have been getting hit hard by cybercriminals who have tried to take them down, and it seems like there hasn’t been a single time when any company was absolutely secure.
Quite the contrary, every enterprise has suffered the effects of a security hack, and all of those firms have feared that their most important data would be left exposed. It’s not an empty fear—as years drag on and hackers become more sophisticated, the threats companies face grow in comparison. And the chances of companies staying safe are starting to wane, according to security firm Veracode.
Despite significant improvements in awareness of the importance of securing software, we are not seeing the dramatic decreases in exploitable coding flaws that should be expected,” says Chris Eng, vice president of research at Veracode. “For each customer, development team or application that has become more secure, there are an equal number that have not.”
Veracode recently conducted a study, analyzing tens of thousands of applications and code exploits to discover the level to which companies are being exploited. And not surprisingly, the company’s findings provide worrisome data on the state of security, including the average tenure of chief information security officers.
Slide 1: Vulnerable Applications. Although application security is vital, a whopping 70% of applications analyzed by Veracode are not in compliance with company security policies.
Slide 2: Apps Are Getting Weaker, Not Stronger. Unfortunately, the rate of applications that are kept insecure actually increased. Last year, 60% of all applications failed to meet security standards.
Slide 3: Blame It On SQL.  How safe are your databases? 32% of all attacks against companies occurred via an SQL injection.
Slide 4: Compromised Users. Three of the largest SQL injection attacks last year resulted in millions of e-mail addresses, user names and passwords being exposed.
Slide 5: SQL Injections Are Getting Easier. The latest data shows that exploiting SQL injections has become extremely easy, making it simple for so-called “everyday hackers” to cause problems. In fact, 30% of their attacks will be SQL injections.
Slide 6: Mobile Is Also Problem. Don’t forget about smartphones and other mobile devices. According to the latest data, cryptographic attacks represent 64% of all assaults on Google’s Android platform.
Slide 7: Apple’s iOS Isn’t Much Better. Although Android is generally believed to be less secure than iOS, 58% of attacks on iOS are “cryptographic issues.”
Slide 8: Security Analysts In Demand. One thing is clear: Companies are investing more in security. In fact, hiring for security analysts is expected to rise by 22% between 2013 and 2020.
Slide 9: Viruses Decline As a Threat. Viruses used to be one of companies’ biggest concerns when it came to data losses, but just 2% of all root causes are viruses nowadays.
Slide 10: Here Today, Gone Tomorrow. One security problem for many businesses is the high turnover rate for chief information security officers; their average tenure at a company is just 18 months.
http://www.cioinsight.com/it-strategy/application-development/slideshows/software-gets-more-insecure-not-less-04/