Financial Services and FinTech companies rely heavily on open source to deliver innovative products and services, but untracked open source components, and the known vulnerabilities in them, expose your applications to significant risk of security breaches and compliance violations.
Financial organizations suffer the highest number of data breaches annually across all industries, most often through web application attacks by malicious hackers. In March 2017, GMO Payment Gateway experienced a data breach caused by an Apache Struts vulnerability, resulting in the loss of 676,290 records. Financial firms such as American Funds and Venmo have confirmed a period of exposure to Heartbleed, the OpenSSL vulnerability. POODLE, an SSL/TLS downgrade weakness, was found to have threatened Bank of America, Citibank, Vanguard, and dozens of sites run by Experian. In fact, data shows that 20% of financial companies have at least one CVE, with 72% vulnerable to POODLE, 38% to DROWN, and 23% to FREAK, all three of which are weaknesses in SSL/TLS configurations and libraries that remain exploitable until the affected components are updated or the legacy protocol versions are disabled.
Key statistics (figures not recoverable from this page): open source vulnerabilities per application; average age of vulnerabilities in applications; share of vulnerabilities in financial applications that are high-severity.
We wanted a solution that could seamlessly integrate with our technology stack, was easy to use, and provided relevant feedback on mitigating any threats found in the open source used in our code, and we wanted that to happen as early as possible in the development cycle.
Don’t leave your customers and your company at risk. Ensure your applications are free of known open source vulnerabilities. With Black Duck, you can build fast and stay secure by automating and integrating open source management throughout the SDLC.