Omniquad breach was not unexpected, says Veracode
Third-party applications are not to be trusted, according to security experts.

Third-party code should not be taken on trust and installed without a security test, claimed Veracode at the RSA Security Conference in London this week.
Veracode, an application risk management cloud service company, has issued a report on the findings of its software testing over the past 18 months. It showed that applications from all types of third-party suppliers were less secure than internally developed applications.
"Third-party suppliers failed to achieve acceptable levels of security 81 per cent of the time," the report stated.
As if to illustrate Veracode's point, earlier this week UK company Omniquad, a cloud-based email and web access filtering service, fell victim to a flaw in third-party software it was using to manage helpdesk calls.
The exploit resulted in customer log-in details being published online. Omniquad said that as soon as the problem was discovered the information was removed and the system put offline.
Daniel Sobstel, managing director of Omniquad, denied negligence on his company's part. He said that action was swift and all affected customers had been notified. The software had been in use for "a few years" without any previous incidents, he added.
Privacy International has reported the incident to the Information Commissioner for investigation.
"Breaches such as this demonstrate all too well the dire consequences that follow from failing to assess the risks that come from third party software," commented Chris Eng, senior director for security research at Veracode.
Both Safecode.org and Secunia, security testing organisations, have also recently pointed out the elevated risks associated with third-party software in the supply chain.
In Veracode's State of Software Security report, 2,922 applications were tested and more than half (57 per cent), both third-party and in-house, failed to meet an acceptable level of security. In the case of web applications, 80 per cent failed to comply with the Open Web Application Security Project (OWASP) standards.
OWASP is a reference for US government departments and the PCI standards body for software security. It has listed ten security risks that should be tested for before software is brought online.