Financial Institutions Less AppSec-Savvy Than You’d Think
New study shows banks all have policies in place, but lack metrics and good third-party software controls.
Financial institutions are known for having some of the most advanced application security practices and tools in place. Even so, a new benchmarking study out this week shows that these well-funded security programs still have big gaps in their application security practices, a finding that should offer a clue as to the state of appsec at large.
The study found that while financial organizations almost universally have internal secure coding standards in place, most are hard-pressed to validate them. Additionally, fewer than half require their third-party vendors to have similar policies and standards.
About Security Compass
Security Compass, a leading provider of cybersecurity solutions, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, allows organizations to balance the need to accelerate software time-to-market while managing risk by automating significant portions of proactive manual processes for security and compliance. SD Elements is the world’s first Balanced Development Automation platform. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. The company is headquartered in Toronto, with offices in the U.S. and India. For more information, please visit https://www.securitycompass.com/