You’d think that after news of the Heartbleed bug broke, every IT organization worth their salt would have immediately moved to start monitoring their structural robustness and code quality to protect their sensitive consumer data. And while many did, two months after Heartbleed was announced, more than 300,000 servers were still vulnerable.
Now, three months later, CAST Research Labs has found there is a direct link between the growing number of data breaches and security incidents, and poor code quality in consumer applications. The data reveals finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.
You can read more findings from the 2014 CAST CRASH Report in a release we put out this morning, and don't forget to register to receive the 2014 CRASH Report executive summary as soon as it's published.
Even though IT organizations across the globe are launching new initiatives to counteract the negative effects of these heartbleed-style vulnerabilities, it’s unfortunately too little too late. So long as IT organizations sacrifice software quality and security for the sake of meeting unrealistic schedules, we can expect to see more high-profile attacks leading to the exposure and exploitation of sensitive consumer data.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.