MA-VERACODE
Veracode , a leading global provider of application security testing solutions, today released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most.
The findings were outlined in the company’s annual State of Software Security report v12, which analyzed 20 million scans across half a million applications in the financial, technology, manufacturing, retail, healthcare and government sectors. Across the six industries, the financial sector has the second-lowest proportion of applications containing security flaws, at 73 percent. In last year’s report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year’s study. Despite having fewer flaws overall, the financial services sector comes joint last with technology and government for the lowest proportion of flaws that are fixed.
“One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fix rate. Our research showed that security training can significantly improve remediation speeds, and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35 percent faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.
Securing the Global Software Supply Chain
While there is undoubtedly still room for progress in terms of both flaw prevalence and remediation rates, when financial services organizations do fix vulnerabilities, they move at a quicker pace than most.
Eng said, “The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry’s relative speed in addressing vulnerable libraries discovered through software composition analysis (SCA).”
Flaws in third-party libraries found through SCA tend to stick around longer for all industries, with 30 percent still unresolved after two years. When it comes to addressing open-source vulnerabilities, however, the finance sector remediates at the same pace as other industries for the first year but then quickens its pace to gain a month on the cross-industry average.
Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50 percent of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. With third-party components comprising as much as 90 percent* of an application’s codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.
The Veracode State of Software Security v12 financial services snapshot is available to download here and a video of the findings is available to watch here .
* The Linux Foundation Statista, Joseph Perlow, “A Summary of Census II: Open Source Software Application Libraries the World Depends On”: https://www.statista.com/statistics/617136/digital-population-worldwide/ , March 7, 2022
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com , on the Veracode blog and on Twitter .
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220823005500/en/
Link:
Social Media:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Andersen Consulting styrker sine kompetencer inden for digital transformation med Criticalcase14.11.2025 19:44:00 CET | Pressemeddelelse
Andersen Consulting styrker sine kompetencer gennem en samarbejdsaftale med Criticalcase, der er et europæisk firma med speciale i cloud-infrastruktur, cybersikkerhed og administrerede it-tjenester. Criticalcase blev grundlagt i 1999 og har hovedsæde i Italien og har markeret sig inden for cloud-sektoren ved at designe og vedligeholde komplekse infrastrukturer for mellemstore og store virksomheder. Gennem skræddersyede løsninger tilbyder virksomheden et omfattende udvalg af tjenester, herunder sikkerhed, overvågning døgnet rundt og systemadministration, hvilket skaber pålidelighed, optimal ydeevne og beskyttelse helt ned til operativsystemniveau. "Vores mission har altid været at guide kunder gennem komplekse teknologiske udfordringer med en strategisk og praktisk tilgang," siger Luca Nunno, der er CEO for Criticalcase. "Samarbejdet med Andersen Consulting giver os mulighed for at få vores ekspertise ud til et bredere globalt publikum og skabe værdi gennem innovation og digital ekspert
Andersen Consulting samarbejder med TruScore14.11.2025 16:15:00 CET | Pressemeddelelse
Andersen Consulting annoncerer en samarbejdsaftale med TruScore, som styrker virksomhedens kompetencer inden for humankapital og hjælper kunder med at opbygge stærkere ledelsesteams og organisatoriske kulturer. Truscore, der har hovedsæde i USA, specialiserer sig i at levere fuldt skræddersyede survey-hosting-løsninger, der gør det muligt for organisationer at gennemføre whitelabel-vurderingsordninger, der er skalerbare, sikre og tilpasset deres specifikke behov. TruScore tilbyder avancerede 360-graders feedbackløsninger og samarbejder med Fortune 500-virksomheder, ledelsesudviklingsfirmaer og uafhængige coaches om at designe og administrere deres egne vurderingsplatforme og -oplevelser. "I nutidens dynamiske forretningsmiljø har organisationer brug for mere end blot en strategi – de har brug for stærk og robust ledelse for at kunne omsætte strategien til succes," siger Derek Murphy, CEO for TruScore. "Gennem dette samarbejde med Andersen Consulting kan vi få vores ekspertise inden for
SBC Medical Group Enters the Thai Market through Partnership with BLEZ14.11.2025 13:47:00 CET | Press release
-- Advancing Its Overseas Growth Strategy to Expand Japanese-Quality Aesthetic Medicine Across Asia Following Singapore -- SBC Medical Group Holdings Incorporated (Nasdaq: SBC) (“SBC Medical” or the “Company”), a global provider of comprehensive consulting and management services to the medical corporations and their clinics, today announced that it has entered into a Consulting Agreement with BLEZ ASIA Co., Ltd. (Headquarters: Bangkok, Thailand; CEO: Naoki Iida; “BLEZ”), which operates more than 20 pharmacies and clinics in Thailand and is widely trusted by both Japanese expatriates and local patients. The partnership is a key component of SBC’s broader Asia strategy and represents a significant step toward full-scale entry into the rapidly growing Thai aesthetic medicine market. Under the agreement, SBC will provide comprehensive management support to a new clinic focused primarily on dermatological treatments such as pigmentation and spot removal, which BLEZ is preparing to open in
SBC Medical Group Holdings Announces Third Quarter 2025 Financial Results14.11.2025 13:00:00 CET | Press release
SBC Medical Group Holdings Incorporated (Nasdaq: SBC) (“SBC Medical” or the “Company”), a global provider of comprehensive consulting and management services to the medical corporations and their clinics, today announced its financial results for the third quarter of fiscal year 2025 (three months ended September 30, 2025) and for the third quarter cumulative of fiscal year 2025 (Year-to-Date 2025, nine months ended September 30, 2025) Third Quarter 2025 Highlights Total revenues were $43 million, representing an 18% year-over-year decrease. Income from operations was $16 million, representing a 15% year-over-year increase. Net Income attributable to SBC Medical Group was $13 million , representing an 353% year-over-year increase. Earnings per share, which is defined as net income attributable to the Company divided by the weighted average number of outstanding shares, was $0.12 for the three months ended September 30, 2025, compared to $0.03 in the same period of 2024. EBITDA1, which
Ant Group Chairman Eric Jing Outlines Strategy for Inclusive AI, Collaboration on Tokenised Settlement14.11.2025 11:15:00 CET | Press release
AI-as-a-Service applications will make AI virtual CFO and COO for SMEsPublic-private collaboration in regulatory sandboxes help to provide clarity and certainty when it comes to new technology like tokenisation and AI Eric Jing, Chairman of Ant Group, said the company's focus is on putting new payment and operation tools powered by AI and tokenisation technology in the hands of SMEs, to fully embrace the next wave of global productivity revolution. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251114239737/en/ Ant Group Chairman Eric Jing (second from right) shares insights during a panel discussion titled “Steering the Global Future” during the Singapore FinTech Festival on November 14, 2025. “We are passionate about using frontier technology to support SMEs and the use of AI will really uplift inclusion,” Jing said during a panel discussion titled “Steering the Global Future” during the Singapore FinTech Festival on Novem
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom