The study also revealed significant differences in remediation schedules between first-party and third-party defects.
Financial organizations typically remediate half of their first-party defects within nine months, while half of their third-party defects take 13 months to remediate.
Additionally, 52% of third-party flaws turn into security debt, compared with 44% of first-party flaws.
These findings highlight the challenges financial institutions face in managing and updating third-party dependencies, which often require coordination with external developers or vendors.
The prevalence of security debt in third-party code highlights the importance of initiatives such as the Cybersecurity and Infrastructure Security Agency’s Open Source Software Security Roadmap and the Secure by Design Pledge.
These programs aim to strengthen the security of the open source ecosystem, which plays a critical role in modern software development across industries, including finance.
Impact on the global financial system
The accumulation of security debt in the financial sector has far-reaching implications for the global economy.
As financial institutions become more interconnected and more reliant on digital systems, vulnerabilities in one organization’s software can ripple throughout the financial ecosystem.