Marketers: Java apps vulnerable to attack

The last thing a marketer wants is for their customers to be hacked, but some apps are putting security up for grabs. Veracode has released the 2017 State of Software Security Report which indicates that while most Java-based apps have at least one security risk, fewer than one-third (28%) of businesses are regularly analyzing apps to determine if one of these vulnerabilities has been built in to their apps.

"The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications - making many of them breachable with a single exploit," said Chris Wysopal, CTO, CA Veracode. "Development teams aren't going to stop using components - nor should they. But when an exploit becomes available, time is of the essence. Open source and third party components aren't necessarily less secure than code you develop in-house, but keeping an up-to-date inventory of what versions of a component you are using. We've now seen quite a few breaches as a result of vulnerable components and unless companies start taking this threat more seriously, and using tools to monitor component usage, I predict the problem will intensify."

What is a marketer to do about this? First, begin testing apps your company uses to determine if a vulnerability has been left open. Then, if a vulnerability is there, contact your developer to contain the issue.

Tags: app vulnerability, Java attacks, mobile apps, mobile marketing, Veracode