Business Wire

MA-VERACODE

23.8.2022 14:21:12 CEST | Business Wire | Press release

Share
Financial Services Software Has Fewer Security Flaws Than Most Industries

Veracode , a leading global provider of application security testing solutions, today released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most.

The findings were outlined in the company’s annual State of Software Security report v12, which analyzed 20 million scans across half a million applications in the financial, technology, manufacturing, retail, healthcare and government sectors. Across the six industries, the financial sector has the second-lowest proportion of applications containing security flaws, at 73 percent. In last year’s report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year’s study. Despite having fewer flaws overall, the financial services sector comes joint last with technology and government for the lowest proportion of flaws that are fixed.

“One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fix rate. Our research showed that security training can significantly improve remediation speeds, and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35 percent faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.

Securing the Global Software Supply Chain

While there is undoubtedly still room for progress in terms of both flaw prevalence and remediation rates, when financial services organizations do fix vulnerabilities, they move at a quicker pace than most.

Eng said, “The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry’s relative speed in addressing vulnerable libraries discovered through software composition analysis (SCA).”

Flaws in third-party libraries found through SCA tend to stick around longer for all industries, with 30 percent still unresolved after two years. When it comes to addressing open-source vulnerabilities, however, the finance sector remediates at the same pace as other industries for the first year but then quickens its pace to gain a month on the cross-industry average.

Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50 percent of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. With third-party components comprising as much as 90 percent* of an application’s codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.

The Veracode State of Software Security v12 financial services snapshot is available to download here and a video of the findings is available to watch here .

* The Linux Foundation Statista, Joseph Perlow, “A Summary of Census II: Open Source Software Application Libraries the World Depends On”: https://www.statista.com/statistics/617136/digital-population-worldwide/ , March 7, 2022

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.

The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com , on the Veracode blog and on Twitter .

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

Link:

ClickThru

Social Media:

https://www.facebook.com/VeracodeInc/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Access Advance Welcomes Samsung and Sharp to the VVC Advance Patent Pool6.7.2026 02:00:00 CEST | Press release

Access Advance LLC today announced significant additions to the VVC Advance Patent Pool, including Samsung Electronics and Sharp Corporation joining as both Licensors and Licensees. The additions strengthen Access Advance's position in VVC licensing, bringing two of the world's largest video codec patent holders into the program on both sides of the license. "The growth we are seeing in VVC Advance reflects the broad range of industries and companies that are moving toward VVC as the next standard for video delivery," said Peter Moller, CEO of Access Advance. "Samsung and Sharp joining as both Licensors and Licensees is significant, but so is the participation of leading smartphone brands and the range of consumer electronics and technology companies now executing licenses. We are building a program that reflects where the video market is actually heading." The following companies have joined the VVC Advance Patent Pool as Licensees since the beginning of 2026: American Future Technolo

Kioxia and Sandisk Begin Production of 10th-Generation 3D Flash Memory Products atKitakami Plant Fab23.7.2026 12:19:00 CEST | Press release

Companies Showcase Ongoing Buildout of Manufacturing Infrastructure at K2 to Address Growing Demand for NAND Flash Kioxia Corporation, a subsidiary of Kioxia Holdings Corporation (TOKYO: 285A) and Sandisk Corporation (Nasdaq: SNDK) today announced the start of production for their 10th-generation 3D Flash memory technology at Fab2 (K2) at the Kitakami Plant in Iwate Prefecture in Japan. The milestone comes as the companies continue to drive meaningful, multi-year bit growth to address the strong demand for their innovative flash memory technology. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260702296115/en/ Unveiling ceremony for the K2 facility In conjunction with the start of production, the companies held an unveiling ceremony for the K2 facility. Opening in September 2025, the facility has produced the companies’ 8th-generation 3D flash memory products and will begin to scale production with the introduction of their

VeriSilicon Introduces CPP2000 Camera Post-Processing IP for Embodied Robotics and Mobile Vision Applications3.7.2026 12:02:00 CEST | Press release

Enhancing image quality and visual perception for moving-camera systems VeriSilicon (688521.SH) today announced its high-performance CPP2000 Camera Post-Processing (CPP) IP, expanding the company’s Image Signal Processing (ISP) solutions with advanced post-processing capabilities. By improving image quality and visual perception in mobile imaging scenarios, CPP2000 enables more reliable vision performance in robotics, drones, and other mobile vision applications. CPP2000 integrates multiple image processing technologies and can further optimize YUV images output from image signal processors. The IP supports image and video processing at up to 8K resolution and offers multiple hardware configuration options to meet diverse requirements in Power, Performance, Area (PPA), and latency across different applications. CPP2000 leverages the combined operation of multiple image processing technologies, including motion-compensated temporal filtering, advanced spatial noise reduction, chroma adj

Messer Acquires Singapore-Based Industrial Gas Platform; Japan Corporate Advisory Institute Advises Sellers3.7.2026 11:11:00 CEST | Press release

Acquisition of WKS Group strengthens Messer’s Southeast Asia presence Messer, the world’s largest privately held specialist for industrial, medical, electronic and specialty gases, has acquired WKS Group, a Singapore-based industrial gas platform with operations across Singapore and southern Malaysia. Transaction terms were not disclosed. Messer reported consolidated sales of approximately EUR 4.5 billion for its 2025 financial year. Founded in Singapore in 1977, WKS Group comprises six companies and employs approximately 195 people across Singapore and southern Malaysia. The acquisition expands Messer’s operating footprint in Southeast Asia and strengthens its access to key industrial clusters across the region. “We are pleased to have completed this transaction with Messer, whose strategic vision makes them an excellent partner for WKS Group,” said Mr. Wong Koh Hoi, shareholder of WKS Group. “We appreciate JCAI’s professionalism and dedication throughout the process, and their expert

Access Advance Welcomes Meta Platforms, Inc. and Alibaba Group to the Video Distribution Patent Pool3.7.2026 01:00:00 CEST | Press release

Access Advance LLC today announced that Meta Platforms, Inc., one of the world's largest distributors of video content across its Facebook, Instagram, Threads, and WhatsApp services, has joined the Video Distribution Patent Pool (VDP Pool) as a Licensee. Meta also joined both the HEVC Advance and VVC Advance pools as a Licensee. Alibaba Group, whose video infrastructure spans a wide range of video-based services across e-commerce, entertainment, and digital media platforms, was also announced as a VDP Pool Licensee this week. Meta and Alibaba joining the VDP Pool further reinforces the program’s market leading position in resolving the licensing issues around the use of modern video codecs, including VP9, AV1, HEVC and VVC, across all the diverse business models of internet video streaming. "A significant U.S.-based company like Meta joining as a Licensee is a milestone moment for the content distribution business and the VDP Pool," said Peter Moller, CEO of Access Advance. "Meta reach

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye