MA-VERACODE
29.5.2024 14:31:31 CEST | Business Wire | Press release
Veracode, a global leader in application risk management, today released research revealing applications developed by public sector organizations have more security debt than those created by the private sector. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59 percent of applications in the public sector, compared to the overall rate of 42 percent. The research analyzed public sector organizations in more than 25 countries across the globe.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240529282258/en/
Figure 2: Security Debt in Public Sector Applications (Graphic: Business Wire)
“Decades of accumulated security debt in unpatched software and poor security configurations, are in the applications that serve our government,” said Chris Eng, Chief Research Officer at Veracode. “Without a systematic and continuous approach to finding and fixing security flaws, the public sector is left dangerously exposed to attacks from hackers.”
Federal government systems are increasingly under cyberattack, as malicious criminals target public sector organizations with more damaging and disruptive techniques. In response, the federal government is enforcing a flurry of initiatives to strengthen cybersecurity, including efforts to reduce risk in the applications that serve the government. In March of 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) released the Secure Software Development Attestation Form to hold providers to the federal government accountable for insecure software.
Veracode researchers found that while slightly fewer public sector organizations (68 percent) have security debt than other industries (71 percent), they tend to accumulate more of it. Only three percent of applications are flaw-free, compared to six percent across other industries. Even more concerning, 40 percent of public sector entities have persistent, high-severity flaws that constitute ‘critical’ security debt, which would put the confidentiality, integrity, and availability of businesses at serious risk if exploited.
“The good news is that most organizations have the capacity to remediate all critical debt, but risk prioritization is key,” said Eng. “Two-thirds of all flaws in public sector organizations are either less than one year old or are not critical in severity. In addition, less than one percent of all flaws constitute critical security debt. By prioritizing that security debt with focused effort, organizations can achieve maximum risk reduction and then move to address non-critical flaws based on their risk tolerance and capabilities.”
According to the report, security debt in the public sector primarily affects first-party code (93 percent), but most of the critical security debt comes from third-party dependencies (55.5 percent). This reinforces the importance of the Open Source Security Software Initiative (OS3I), an inter-agency working group focused on ensuring open-source software is “as safe, secure and sustainable as it is open.” It also emphasizes the need for organizations to focus on both first- and third-party code to effectively reduce security debt.
The analysis further shows security debt in the public sector is primarily concentrated in older, larger applications (22 percent). This is especially true for critical security debt (30 percent), confirming a correlation between application age and the accumulation of security debt. Researchers also compared the security debt profile for different development languages and found that Java and .NET applications stand out as significant sources of debt in the public sector.
“The current state of software security in the public sector reinforces the importance of making secure by design a standard approach for the whole network connected world,” closed Eng. “We applaud CISA’s recent announcement of its Secure by Design Pledge and are proud to be one of the inaugural signatories. Our goal with this research is to further support our government and industry partners in promoting widespread adoption of these principles.”
The full State of Software Security Public Sector 2024 report is available to download on the Veracode website.
About the State of Software Security Report
The Veracode State of Software Security 2024 report analyzed data from large and small companies, commercial software suppliers, software outsourcers, and open-source projects. The research draws from more than a million (1,007,133) applications across all scan types, 1,553,022 dynamic analysis scans, and 11,429,365 static analysis scans. All those scans produced 96 million raw static findings, 4 million raw dynamic findings, and 12.2 million raw software composition analysis findings.
About Veracode
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.
Copyright © 2024 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240529282258/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
VerSprite Launches Fork and Knife: AI-Driven Threat Modeling and Adversarial Testing Built for the Speed of Modern Software26.6.2026 23:28:00 CEST | Press release
Powered by the risk-centric PASTA methodology and two decades of accredited offensive security, the integrated platform lets enterprises threat model in a security sprint—then prove the risk through AI-led, human-on-the-loop testing. VerSprite, a global leader in risk-based threat modeling and the firm behind the PASTA (Process for Attack Simulation and Threat Analysis) methodology, today announced the general availability of Fork (www.forktm.com), a continuous application threat modeling platform, alongside Knife, an AI-led, human-on-the-loop adversarial testing platform for web applications and web API endpoints. Together, the two products operationalize a new model for product security—one where applications are securely designed, continuously modeled, and actively tested as part of the build process itself. The launch addresses a problem every security leader knows but few tools have solved: threat modeling is essential, never more so than in an AI-driven era, yet it has remained s
Venture Global Announces Closing of $1.5 Billion Senior Secured Vessel Financing Facility26.6.2026 22:30:00 CEST | Press release
Venture Global, Inc. (NYSE: VG) announced today that its wholly-owned subsidiary, Venture Global Shipping Holdings, LLC (“VGSH”), has entered into a Credit and Guaranty Agreement providing for a senior secured term loan facility (the “Facility”) in an aggregate principal amount of up to $1,500,000,000. The Facility will mature on June 26, 2032. Deutsche Bank and ING acted as coordinating lead arrangers for the Facility. ING also serves as facility agent and security trustee. VGSH intends to use the net proceeds from the Facility for general corporate purposes, including to reimburse Venture Global LNG, Inc. for payments previously made by it or its affiliates in connection with the acquisition of nine LNG carriers, funding certain reserve accounts, and paying transaction fees and expenses. About Venture Global Venture Global is an American producer and exporter of low-cost U.S. liquefied natural gas (“LNG”) with over 100 MTPA of capacity in production, construction, or development. Ven
Andersen Consulting tilføjer House of Code for at styrke teknologi- og dataløsninger26.6.2026 20:01:00 CEST | Pressemeddelelse
Andersen Consulting forstærker sine kompetencer inden for teknologisk transformation gennem en samarbejdsaftale med House of Code, en global virksomhed med hovedkvarter i USA, der specialiserer sig i datadrevne platforme, automatisering og agentbaserede ai-løsninger. House of Code blev stiftet i 2001 og udvikler softwareløsninger samt yder rådgivning til energihandels- og finanssektoren med kunder, der spænder over hedgefonde, kapitalfonde og forsyningsvirksomheder. Virksomheden besidder dyb ekspertise inden for energihandel og risikostyring og hjælper organisationer med systemimplementering, forretningstransformation, dataautomatisering og ai-underbygget modernisering af arbejdsgange. Deres proprietære platform, Enterprise Platform for Integrated Compliance (EPIC), skaber en mere effektiv datastyring, automatiserer rapporteringsprocesser, forbedrer den driftsmæssige gennemsigtighed på tværs af virksomhedssystemer og skaber et fundament for opbygning af intelligente, agentbaserede arbe
Capco Recognized by OpenAI for Innovation and Responsible AI Leadership26.6.2026 20:00:00 CEST | Press release
Receives AI Governance & Risk Excellence Award at OpenAI Partner SummitCapco’s UK AI Lab wins OpenAI Codex Hackathon Global management and technology consultancy Capco, a Wipro company,has been recognized by OpenAI for both AI innovation and responsible AI leadership. Capco received the AI Governance & Risk Excellence Award at the recent OpenAI Partner Summit 2026 in San Francisco, highlighting Capco’s ability to deliver enterprise-grade AI outcomes in highly regulated environments. The award recognizes Capco’s expert advantage when helping financial services and energy organizations to scale AI with confidence, balancing innovation with strong governance to reduce risk, strengthen compliance and improve customer outcomes. This award follows Capco winning the OpenAI Codex Hackathon, where its UK AI Lab competed against more than 30 teams and over 100 participants from across the OpenAI partner ecosystem. Capco's winning entry Sentra – a consulting-led, AI-powered retail banking solutio
Incyte Announces Positive CHMP Opinion for Opzelura® (ruxolitinib) Cream for the Treatment of Adults with Moderate Atopic Dermatitis26.6.2026 13:30:00 CEST | Press release
If approved, Opzelura® (ruxolitinib) cream will be the first steroid-free, topical JAK treatment option in the European Union (EU) for adults with moderate atopic dermatitis (AD) for whom standard topical therapies have failedAD, the most common type of eczema which affects 230 million people globally,1 is a chronic, recurring, inflammatory and highly pruritic (itchy) skin condition that can have a significant impact on daily life2Phase 3 TRuE‑AD4 data supporting the positive CHMP opinion demonstrated that ruxolitinib cream met both co‑primary endpoints at Week 8, maintained disease control with as-needed treatment through Week 24 and was well tolerated3,4,5 Incyte (Nasdaq: INCY) today announced that the Committee for Medicinal Products for Human Use (CHMP) of the European Medicines Agency (EMA) has issued a positive opinion recommending the approval of Opzelura® (ruxolitinib) cream for the treatment of moderate atopic dermatitis (AD) in adult patients for whom topical corticosteroids
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom