Technology / Quality & Metrics / Supply Chain Security & Risk Mgmt

Retailers Can’t Afford to Neglect Software Security

January 3, 2021
Chris Eng, SCB Contributor

The COVID-19 pandemic has upended retail and accelerated digital transformation: Online retail surged in 2020, and U.S. holiday e-commerce sales rose a whopping 49% from the previous year.

With so much volume, retailers’ digital presence must be robust and secure. Web applications need to meet customer demands for ease of use and speed, but with 43% of all breaches occurring as a result of a vulnerability at the application layer, the security of these applications is paramount.

With the spike in online retail — and corresponding importance placed on these applications to drive revenue — retailers can benefit from insight into securing their applications.

Veracode’s recent State of Software Security Report (SoSS) highlighted the frequency of vulnerabilities in applications across different industry verticals, including the retail and hospitality sector. The report found that:

  • 26% of retail applications have high-severity security flaws
  • 76% of retail applications have flaws
  • 74% of total retail flaws are being fixed

To make sense of this data, we can compare the retail sector against other industries to find out how well retailers are securing applications and protecting their customers. The frequency of flawed retail applications is high, with more than three out of every four applications containing at least one flaw. Despite this daunting prevalence of vulnerabilities, retail has one of the best rates of fixing software flaws at 74%, second only to financial services at 75%, and better than the healthcare, manufacturing, technology and government verticals.

Similar to this success in fix rate, retailers have the best flaw-remediation speed, with the average application requiring 125 days to fix half of its known defects. While retail and hospitality start out with more flaws than some other industries, developers are quick to dig in and fix those flaws in an effort to improve application security and protect customer data.

Overall, the retail industry’s effectiveness for fixing vulnerabilities in applications is promising. But what does it mean in the context of the past year? The new normal has impacted every industry and pushed business even further into the digital realm, meaning more traffic across applications everywhere. This holds especially true for industries like retail.

It’s worth noting that the SoSS report found that 55% of severe retail and hospitality flaws fell into the category of information leakage. This type of flaw, if exploited, could ruin the trust customers have in retail brands and tarnish a brand’s reputation. The bottom line is that as more customer interactions shift online, retail application security must continue to improve. Organizations must rise to the challenge and continue integrating security throughout the software development lifecycle, running security checks on their applications frequently and regularly, and using multiple types of scans, through both static and dynamic analysis, to identify defects.

While application security teams should strive to continue to improve remediation speed, one of the best ways retail can improve its security posture is to limit the number of flaws going into applications to begin with.

Providing security education to the developers who are building and deploying these applications would help achieve this goal. Training developers on how to avoid common security flaws and write secure code from the start will reduce the number of new flaws, which in turn will make it easier to fix existing flaws over time. From there, AppSec programs in retail organizations will be better prepared to handle faster release cycles without slowing down developers.

Chris Eng is chief research officer at Veracode.
