curtis bill

Old and poorly-written code is exposing companies to hackers, with the financial sector at greatest risk, new research reveals.

A review of hundreds of millions of lines of code in applications worldwide found 1.3 million weaknesses which could allow hackers to take advantage of business systems.

CAST, a leading software intelligence company, revealed the findings in its global benchmarking report on the state of software security.

The CRASH Report on Application Security uses a Common Weakness Enumeration (CWE) density score to identify the frequency of typical weaknesses in software architecture, design or code.

Dr. Bill Curtis, SVP and chief scientist at CAST Research Labs, said: “We found that, overall organisations are taking application security quite seriously.

“However, there are clear outliers to this broad finding that put companies and their customers at significant risk. Without a clear understanding of existing application security vulnerabilities, organisations are not addressing some of the biggest software risks that pose a threat to their business.”

He revealed that financial services and telecommunications have the highest CWE densities compared to other industries and energy and utilities had the lowest risk profile.

Curtis warned that in some cases, frequent, poorly-designed updates were significantly increasing the risk of problems.

The report warned: “This is a particularly interesting finding, given the industry’s broad shift toward agile development and continuous release schedules.

“While this kind of deployment cycle has been shown to improve user experience, it is putting the application at greater risk of security defects.”