Automation & Training Drive Financial Software Security

By Author: Ben Gross
Total Articles: 429
Comment this article

Veracode, a prominent global provider of intelligent software security, has released new research shedding light on the factors influencing flaw introduction and accumulation in the Financial Services sector. The research indicates that the security performance of financial applications generally surpasses that of other industries. Factors contributing to this performance include automation, targeted security training, and Application Programming Interface (API) scanning, which have led to a year-over-year reduction in the percentage of applications with flaws.

In the context of increasing regulations affecting the financial services sector, including rules from the U.S. Securities and Exchange Commission and the E.U. Digital Operational Resilience Act (DORA), Veracode's study provides recommendations to mitigate risks associated with software vulnerabilities. The research reveals that while nearly 72 percent of applications in the Financial Services sector contain security flaws, this represents the lowest percentage among the industries analyzed and represents an improvement compared to the previous year.

Chris ...
... Eng, Chief Research Officer at Veracode, noted the positive performance of the Financial Services sector in the analysis, attributing it to factors such as competition, customer expectations, and industry regulations. Eng stressed the importance of automation and secure coding techniques to help financial organizations prevent, detect, and respond to vulnerabilities more effectively.

Veracode's research highlights the positive impact of scanning via API and security training on the Financial Services sector, with both contributing significantly to reducing the likelihood of flaw introduction. Scanning via API is an indicator of maturity in a software security program, and integrating APIs enhances automation and control over the development pipeline. Security training, when combined with API scanning, lowers the likelihood of flaw introduction by 19 percent per month.

The report also highlights the significance of AI and Machine Learning, with Java being the predominant language in the Financial Services sector. Veracode's AI-powered remediation tool, Veracode Fix, uses machine learning to generate fixes for Java static findings, significantly reducing time and effort while improving security posture.

Overall, the Veracode research demonstrates the Financial Services sector's commitment to enhancing software security and reducing vulnerabilities while staying compliant with evolving regulations. The use of technology such as AI, along with practices like security training and API scanning, has proven effective in achieving these goals.

More Information : https://www.techdogs.com/tech-news/business-wire/veracode-reveals-automation-and-training-are-key-drivers-of-software-security-for-financial-services