Think Tank
Retailers Can’t Afford to Neglect Software Security

E-commerce
January 3, 2021
Chris Eng, SCB Contributor

The COVID-19 pandemic has upended retail and accelerated digital transformation: Online retail surged in 2020, and U.S. holiday e-commerce sales rose a whopping 49% from the previous year.

With so much volume, retailers’ digital presence must be robust and secure. Web applications need to meet customer demands for ease of use and speed, but with 43% of all breaches occurring as a result of a vulnerability at the application layer, the security of these applications is paramount.

With the spike in online retail — and corresponding importance placed on these applications to drive revenue — retailers can benefit from insight into securing their applications.

Veracode’s recent State of Software Security Report (SoSS) highlighted the frequency of vulnerabilities in applications across different industry verticals, including the retail and hospitality sector. The report found that:

  • 26% of retail applications have high-severity security flaws
  • 76% of retail applications have flaws
  • 74% of total retail flaws are being fixed

To make sense of this data, we can compare the retail sector against other industries to find out how well retailers are securing applications and protecting their customers. The frequency of flawed retail applications is high, with more than three out of every four applications containing at least one flaw. Despite this daunting prevalence of vulnerabilities, retail has one of the best rates of fixing software flaws at 74%, second to only financial services at 75%, and better than healthcare, manufacturing, technology and government verticals.

Similar to this success in fix rate, retailers have the best flaw-remediation speed, with the average application requiring 125 days to fix half of its known defects. While retail and hospitality start out with more flaws than some other industries, developers are quick to dig in and fix those flaws in an effort to improve application security and protect customer data.

Overall, the retail industry’s effectiveness for fixing vulnerabilities in applications is promising. But what does it mean in the context of the past year? The new normal has impacted every industry and pushed business even further into the digital realm, meaning more traffic across applications everywhere. This holds especially true for industries like retail.

It’s worth noting the SoSS report found that 55% of severe retail and hospitality flaws fell into the category of information leakage. This type of flaw, if exploited, could ruin the trust customers have with retail brands and tarnish a brand’s reputation. The bottom line is that as more customer interactions shift online, retail application security must continue to improve. Organizations must rise to the challenge to continue integrating security throughout the software development lifecycle, running security checks on their applications frequently and regularly, and using multiple types of scans, through both static and dynamic analysis, to identify defects.

While application security teams should strive to continue to improve remediation speed, one of the best ways retail can improve its security posture is to limit the number of flaws going into applications to begin with.

Providing security education to the developers who are building and deploying these applications would help achieve this goal. Training developers on how to avoid common security flaws and write secure code from the start will reduce the number of new flaws, which in turn will make it easier to fix existing flaws over time. From there, AppSec programs in retail organizations will be better prepared to handle faster release cycles without slowing down developers.

Chris Eng is chief research officer at Veracode.

Technology Quality & Metrics Supply Chain Security & Risk Mgmt
