"Financial Institutions Less AppSec-Savvy Than You'd Think" - Report by Security Compass featured in Dark Reading

Financial Institutions Less AppSec-Savvy Than You'd Think

New study shows banks all have policies in place, but lack metrics and good third-party software controls.

Financial institutions are known to have in place some of the most advanced application security practices and tools. Even so, a new benchmarking study out this week shows that even among these well-funded security programs there are still big gaps in their application security practices - a finding that should offer a clue as to the state of appsec at large.

The study found that while financial organizations almost universally have internal secure coding standards in place, most are hard-pressed to validate them. Additionally, fewer than half require their third-party vendors to have similar policies and standards.

Read the rest here: https://www.darkreading.com/application-security/financial-institutions-less-appsec-savvy-than-youd-think/d/d-id/1328364