Is software crypto failing?

by Rambus Blog, Jul. 15, 2015 – 

Although encryption is increasingly used to combat security breaches, a salient lack of expertise among developers, coupled with overly complex libraries, has led to widespread implementation failures in business applications.

According to IDG?s Lucian Constantin, the scale of the problem is quite significant. Indeed, a recent report published by Veracode confirms that cryptographic issues are now the second most common type of flaws affecting applications across all industries.

"Cryptographic issues ranked higher in prevalence than historically common flaws like cross-site scripting, SQL injection and directory traversal," Constantin explained. "[This] includes things like improper TLS (Transport Layer Security) certificate validation, cleartext storage of sensitive information, missing encryption for sensitive data, hard-coded cryptographic keys, inadequate encryption strength, insufficient entropy, non-random initialization vectors [and] improper verification of cryptographic signatures."

 Back