IT Industry Falls Behind in Web Application Security
Is security the price of innovation? The IT industry produces Web applications with far more vulnerabilities, and patches them far slower, than other companies.
The fast pace of innovation by the information technology industry has seemingly left businesses in that industry behind in the race to secure their Web applications, according to the annual WhiteHat Security Web Applications Security Statistics Report released on June 7. As an industry, IT firms came in dead last in measures of security—and first in measures of vulnerability—based on scans of their Web applications by WhiteHat.
The average IT Web application, for example, had 32 vulnerabilities, compared with 28 vulnerabilities in Web apps produced by educational organizations or 23 vulnerabilities in retail Web applications. In addition, the average age of a Web application vulnerability topped 875 days for the IT industry, nearly twice the age of the second worst performer, the education sector, according to the report.
The IT industry's rate of production of Web apps is much higher compared with other industries, and that could significantly contribute to the greater security weaknesses of the industry, Setu Kulkarni, vice president of product management for WhiteHat Security, told eWEEK.
"In IT, we see rapid change," he said. "They are the folks who are knowledgeable about producing a lot of these applications. As you are on the leading edge of technology, you are adopting the latest and greatest framework and open-source software, for example."
Even though the report serves notice to startups and businesses hawking the latest online service or product, other industries are not off the hook.