Four out of five Swedish banks and financial institutions use web technology components with known vulnerabilities. It’s time for the financial industry to improve their focus and monitoring of components used in business-critical solutions.
The words of Daniel Parmenvik, CEO and responsible for the IT security product Bytesafe. The company examined the use of open source components with known vulnerabilities among Swedish Banking Association members.
– “The result was disappointing and not good enough. As many as 78 percent of the websites reviewed used at least one component with security flaws”, says Daniel Parmenvik.
The technology in focus: JavaScript components, which are often outdated and neglected. Partly due to inadequate processes for automatically and continuously reviewing components.
As well as lack of transparency, where the business stakeholders who are responsible, are unaware of the risks.
– “In many cases, developers have good insight into what components are currently used, but the organizations lack overarching tools to manage applications over time.
At the same time the business side is often more interested in the progressing projects rather than investing time into the details of IT security”, says Daniel Parmenvik.
A large extent of modern applications consist of ready-made components that people outside the organization have developed, most often in the form of open source components.
The benefits of reusing code are obvious: reducing costs and speeding up the pace of development. At the same time, it introduces risk when reusing external code from resources outside of an organization’s direct control.
– ”In general, organizations lack proper control over which components and versions are used in their applications and how old they are. In our study, for example, we found components that were over 12 years old, increasing the risk of security issues”, says Daniel Parmenvik.
According to him, the way forward is to introduce better systems that continuously monitor which software components are used, and warn if any new vulnerabilities appear.
– “Vulnerabilities are discovered over time and organizations must implement processes and tools that examine components continuously, to reduce IT risks.
To use components directly from public code libraries without any kind of oversight, can be very harmful”, says Daniel Parmenvik.
Source: https://coinpedia.org/banking-finance/banks-inefficiency-into-technology/
- 7
- Advertisement
- among
- applications
- Banking
- Banks
- business
- cases
- ceo
- code
- company
- component
- Costs
- Dev
- developers
- Development
- discovered
- financial
- Financial institutions
- Focus
- form
- Forward
- General
- good
- How
- HTTPS
- industry
- institutions
- investing
- IT
- JavaScript
- large
- Members
- monitoring
- open
- open source
- organization
- organizations
- People
- Product
- projects
- public
- reduce
- Resources
- Risk
- security
- Software
- Solutions
- Study
- Systems
- Technology
- time
- Transparency
- Vulnerabilities
- web
- websites
- WHO
- words
- years
