9 in 10 firms also failed to patch software that sunk Equifax


More than 90 percent of applications using the same programming library that, left unpatched, led to the Equifax data breach also fail to keep that software up to date, reports the security firm Veracode.

Veracode analyzes clients' computer code for known security vulnerabilities. Based on its scans between April and September, 91 percent of applications that use Apache Struts run a version of Struts with at least one high-severity vulnerability.

Equifax admitted earlier this year it had intended but failed to patch Struts before a hacker took advantage of a security flaw in the library. That hacker ultimately compromised the personal information of 145.5 million Americans. 

Veracode published that new statistic Tuesday as part of a new guide for developers on good coding practices printed as an addendum to its October "State of Security" report. 

Developers typically are not trained in cybersecurity, which has traditionally been treated as a separate field of software design. 

"There's a misconception developers do not care about security," said Pete Chestna, director of developer engagement at Veracode.

The hope at Veracode is that the guide will bridge that gap.