With the popularity of digital banking, web applications have replaced face-to-face interactions and are now the primary interface for end users. The code you use and depend on is truly a core part of the business, a statement that is as true for finance, banking and financial services as for any other sector.
As the use of apps and the web continues to grow, so does the importance of staying in control of the code that your applications depend on: you want to avoid headaches like service downtime or security and compliance issues. And with 99% of applications using open source software, it's a necessity to manage the open source supply chain.
The results from our research are striking: for many companies it can be a challenge to keep current and legacy applications up to date with the latest security fixes.
The findings highlight the challenges in keeping track of and using secure and up-to-date open source software:
- 78% of sites contained at least one vulnerable version
- The oldest vulnerable version was published over 12 years ago
A summary of the findings is available, with the full details in the report, which anyone can download for free as of September 29, 2021.
Click on the image above or this report link to go to the download page for the report.
Positive reactions from the sector
Before publishing, the findings were disclosed to the organizations in scope for the report.
The reactions have been positive and have stirred activity among the members of the Swedish Bankers' Association.
“We are thrilled to see such an enthusiastic response and activity to our report, both from the bank association and individual members. We’ve had more than a few acknowledge that the vulnerabilities exist and that they are committed to addressing the issues.
Bytesafe is all about security and insights into the software supply chain. Activities that trigger an increased awareness of issues with regard to secure management of open source dependencies are 100% aligned with our intention of the report.”
Responsible disclosure, ethically raising the awareness of an issue, is important when it comes to security vulnerabilities. It is something we believe in and adhere to.
To truly know if a vulnerability can be exploited, you need a great level of detail about the system. Even so, you should always act responsibly. You never know who’s waiting to take advantage of information you disclose.
Want to improve your own open source supply chain with Bytesafe?
Want to know more about security for the Banking and Finance sector? Visit our dedicated page Bytesafe for Financial Institutions to see how we secure the open source supply chain.