Report: 4 out of 5 financial institutions use outdated and vulnerable JavaScripts


With the popularity of digital banking, web applications have replaced face-to-face interactions and are now the primary interface for end users. The code you use and depend on is truly a core part of the business. That is as true for finance, banking and financial services as for any other sector.

As the use of apps and the web continues to grow, so does the importance of staying in control of the code that your applications depend on: you want to avoid headaches like service downtime or security and compliance issues. And with 99% of applications using open source software, managing the open source supply chain is a necessity.

Banks are often the targets of fraud attempts and security threats. This elevated need for security, together with Bytesafe’s background in Financial Services, made it natural to research the state of JavaScript security in the Nordic Financial sector.

The results from our research are striking: for many companies it can be a challenge to keep current and legacy applications up to date with the latest security fixes.

Continue reading and download the full report: The state of JavaScript Security - Nordic Financial Institutions - 2021.

The report

The intention of our research is to create awareness of JavaScript security risks by looking at the use of packages with known vulnerabilities in public websites. The intended audience is business and technical professionals in the sector.

The findings highlight the challenges in keeping track of and using secure and up-to-date open source software:

  • 78 % of sites contained at least one vulnerable version
  • The oldest vulnerable version was published over 12 years ago

The report contains a summary of the findings together with the full details. It is available for anyone to download for free as of September 29, 2021.

[Image: State of JavaScript report. Click to download the report.]

Click on the image above or this report link to go to the download page for the report.

Positive reactions from the sector

Before publishing, the findings were disclosed to the organizations in scope for the report.

The reactions have been positive and have stirred activity among the members of the Swedish Bankers' Association.

“We are thrilled to see such an enthusiastic response and activity to our report, both from the bank association and individual members. We’ve had more than a few acknowledge that the vulnerabilities exist and that they are committed to addressing the issues.

Bytesafe is all about security and insights into the software supply chain. Activities that trigger an increased awareness of issues with regard to secure management of open source dependencies are 100% aligned with our intention of the report.”

Daniel Parmenvik

CEO/Founder, Bytesafe

Responsible disclosure

Responsible disclosure, ethically raising the awareness of an issue, is important when it comes to security vulnerabilities. It is something we believe in and adhere to.

To truly know if a vulnerability can be exploited, you need a great level of detail about the system. Even so, you should always act responsibly. You never know who’s waiting to take advantage of information you disclose.

Want to improve your own open source supply chain with Bytesafe?

We are always keen to discuss how Bytesafe can assist your team and organization. Get in touch. Your code is our business! Book a demo or contact me directly if you have any questions.

Want to know more about security for the Banking and Finance sector? Visit our dedicated page Bytesafe for Financial Institutions to see how we secure the open source supply chain.
