Financial Institutions Less AppSec-Savvy Than You'd Think
New study shows banks all have policies in place, but lack metrics and good third-party software controls.
Financial institutions are known for having some of the most advanced application security practices and tools in place. Even so, a new benchmarking study out this week shows that these well-funded security programs still have big gaps in their application security practices, a finding that should offer a clue as to the state of appsec at large.
The study found that while financial organizations almost universally have internal secure coding standards in place, most are hard-pressed to validate them. Additionally, fewer than half require their third-party vendors to have similar policies and standards.