MA-VERACODE
29.5.2024 14:31:31 CEST | Business Wire | Press release
Veracode, a global leader in application risk management, today released research revealing applications developed by public sector organizations have more security debt than those created by the private sector. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59 percent of applications in the public sector, compared to the overall rate of 42 percent. The research analyzed public sector organizations in more than 25 countries across the globe.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240529282258/en/
Figure 2: Security Debt in Public Sector Applications (Graphic: Business Wire)
“Decades of accumulated security debt in unpatched software and poor security configurations, are in the applications that serve our government,” said Chris Eng, Chief Research Officer at Veracode. “Without a systematic and continuous approach to finding and fixing security flaws, the public sector is left dangerously exposed to attacks from hackers.”
Federal government systems are increasingly under cyberattack, as malicious criminals target public sector organizations with more damaging and disruptive techniques. In response, the federal government is enforcing a flurry of initiatives to strengthen cybersecurity, including efforts to reduce risk in the applications that serve the government. In March of 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) released the Secure Software Development Attestation Form to hold providers to the federal government accountable for insecure software.
Veracode researchers found that while slightly fewer public sector organizations (68 percent) have security debt than other industries (71 percent), they tend to accumulate more of it. Only three percent of applications are flaw-free, compared to six percent across other industries. Even more concerning, 40 percent of public sector entities have persistent, high-severity flaws that constitute ‘critical’ security debt, which would put the confidentiality, integrity, and availability of businesses at serious risk if exploited.
“The good news is that most organizations have the capacity to remediate all critical debt, but risk prioritization is key,” said Eng. “Two-thirds of all flaws in public sector organizations are either less than one year old or are not critical in severity. In addition, less than one percent of all flaws constitute critical security debt. By prioritizing that security debt with focused effort, organizations can achieve maximum risk reduction and then move to address non-critical flaws based on their risk tolerance and capabilities.”
According to the report, security debt in the public sector primarily affects first-party code (93 percent), but most of the critical security debt comes from third-party dependencies (55.5 percent). This reinforces the importance of the Open Source Security Software Initiative (OS3I), an inter-agency working group focused on ensuring open-source software is “as safe, secure and sustainable as it is open.” It also emphasizes the need for organizations to focus on both first- and third-party code to effectively reduce security debt.
The analysis further shows security debt in the public sector is primarily concentrated in older, larger applications (22 percent). This is especially true for critical security debt (30 percent), confirming a correlation between application age and the accumulation of security debt. Researchers also compared the security debt profile for different development languages and found that Java and .NET applications stand out as significant sources of debt in the public sector.
“The current state of software security in the public sector reinforces the importance of making secure by design a standard approach for the whole network connected world,” closed Eng. “We applaud CISA’s recent announcement of its Secure by Design Pledge and are proud to be one of the inaugural signatories. Our goal with this research is to further support our government and industry partners in promoting widespread adoption of these principles.”
The full State of Software Security Public Sector 2024 report is available to download on the Veracode website.
About the State of Software Security Report
The Veracode State of Software Security 2024 report analyzed data from large and small companies, commercial software suppliers, software outsourcers, and open-source projects. The research draws from more than a million (1,007,133) applications across all scan types, 1,553,022 dynamic analysis scans, and 11,429,365 static analysis scans. All those scans produced 96 million raw static findings, 4 million raw dynamic findings, and 12.2 million raw software composition analysis findings.
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.
Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240529282258/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Venionaire Capital Mandated to Structure KISAB’s Next Growth Round19.5.2026 12:41:00 CEST | Press release
Growth round to target growth private equity and strategic investors as KISAB advances its 8-inch BPD-free SiC wafer platform Venionaire Capital has been mandated by Kiselkarbid i Stockholm AB (“KISAB”) to structure and support the company’s next growth round. The mandate includes investor relations, investor communications and strategic financing preparation, targeting growth private equity and strategic investors. KISAB is a Sweden-based silicon carbide semiconductor materials company focused on advanced SiC substrates for power electronics. The company publicly highlights its 8-inch BPD-free n-type silicon carbide wafers, with the 8-inch platform representing an important technological step for next-generation high-performance power electronics. KISAB has previously attracted approximately EUR 24 million across several financing rounds. Publicly named investors include Fairpoint Capital, Industrifonden and Ingka GreenTech. Venionaire Capital will now support the company in sharpenin
motif Launches Clarity, a First-of-Its-Kind AI Financial Intelligence System19.5.2026 12:39:00 CEST | Press release
Clarity applies contextual understanding to market intelligence, enabling auditable, high-quality AI wealth advisory for financial institutions motif, the AI wealth advisory company backed by Liminal (a venture creation group founded by Temasek), today launched Clarity, an AI financial intelligence system that tracks how markets, assets and financial relationships connect, and how and why they change over time, building enriched connections that deliver the kind of structured, sourced insight that financial institutions have never had, even with dedicated analyst teams. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260511241653/en/ motif Launches Clarity, a First-of-Its-Kind AI Financial Intelligence System Financial institutions integrate Clarity into their products so customers can make better-informed investment decisions, while analysts and product teams use it to track market shifts and plan accordingly. Informed inves
Axelspace Announces Launch of Seven GRUS-3 Earth Observation Microsatellites, No Earlier Than July 202619.5.2026 10:30:00 CEST | Press release
Enabling Wide-Area, High-Frequency Observation to Expand the Applications of Satellite Data Axelspace Corporation, a leading developer and operator of microsatellites dedicated to realizing its vision of “Space within Your Reach,” announced today that GRUS-3, a set of seven next-generation Earth observation microsatellites, is scheduled to be launched no earlier than July 2026. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260519449959/en/ Seven flight model of GRUS-3 next-generation Earth observation microsatellites ©Axelspace The seven GRUS-3 microsatellites will launch aboard the Transporter-17 rideshare mission via Exolaunch, a global leader in launch mission management, satellite integration, and deployment services, from Vandenberg Space Force Base in California, USA. We currently operate five optical Earth observation microsatellites, GRUS-1, under our Earth observation data service, AxelGlobe. With the launch of its
Money20/20 Europe Announces Powerhouse Speaker Lineup Featuring Leaders from Klarna, BBVA, ABN AMRO, Mastercard, eToro, and Revolut19.5.2026 10:10:00 CEST | Press release
Leading voices in payments, banking, and fintech innovation to take the stage in Amsterdam Money20/20, the world’s leading fintech show and the place where money does business, today announced a stellar line-up of speakers for Money20/20 Europe happening on June 2-4 at the RAI in Amsterdam. The show will feature 450+ speakers across six stages, exploring the forces redefining global finance through AI innovation, digital assets, and regulatory transformation. Newly confirmed speakers include some of the most influential voices shaping the future of payments, banking, and financial services: Sebastian Siemiatkowski, Co-Founder and CEO, Klarna. A pioneer in the buy now, pay later revolution, Siemiatkowski has transformed consumer payments and continues to drive innovation in embedded finance and AI-powered shopping experiences. Onur Genç, CEO, BBVA. Leading one of Europe's most digitally advanced banks, Genç is at the forefront of banking transformation, leveraging data, technology, and
Mythic Acquires Videantis, One of Europe’s Leading Digital Processor IP Companies, to Build the World’s Most Energy-Efficient AI Compute Platform19.5.2026 10:00:00 CEST | Press release
Silicon Valley and German engineering unite to create a new AI compute champion for Europe and the world Mythic, a pioneer in analog compute-in-memory and architect of the industry’s most energy-efficient AI acceleration technology, today announced it has acquired Videantis GmbH, one of Europe’s leading digital processor IP companies. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260519255958/en/ The transaction unites Mythic’s breakthrough analog compute platform with Videantis’ highly differentiated, unified digital processor architecture and production-proven software stack — accelerating Mythic’s delivery of a new class of hybrid AI compute platform with a 100x energy efficiency advantage over conventional GPU-based systems. This deal builds on Mythic’s recently announced agreement with Honda to co-develop next-generation AI chips for future vehicles — a validation of Mythic’s game-changing architecture in one of the wo
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom