More than half of mobile applications aren't secure, according to a report by Internet security company Veracode.
Out of approximately 2,900 applications tested over an 18-month period, 57 percent failed to meet "acceptable levels" of security, Veracode said. This happened even when Veracode said it lowered its standards for apps it considered less business-critical. Third-party code represented the biggest security risk with an 81 percent failure rate. Web-based applications performed at a similar rate of failure; 80 percent don't comply with Open Web Application Security Project (OWASP) top 10 maxims for security. This means they wouldn't pass the standard necessary for e-commerce apps. This type of application was the most commonly assessed, which could explain its high rate of insecurity, Veracode said. Although more than half of finance-related applications also failed on the first analysis, these applications ranked above the other applications tested with, 56 percent chance of vulnerabilities.
Veracode reported that security issues are being resolved faster, however, with the time it takes for organizations to repair insecure apps dropping from between 36-82 days to 16 days on average.