MA-VERACODE
23.8.2022 14:21:12 CEST | Business Wire | Press release
Veracode , a leading global provider of application security testing solutions, today released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most.
The findings were outlined in the company’s annual State of Software Security report v12, which analyzed 20 million scans across half a million applications in the financial, technology, manufacturing, retail, healthcare and government sectors. Across the six industries, the financial sector has the second-lowest proportion of applications containing security flaws, at 73 percent. In last year’s report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year’s study. Despite having fewer flaws overall, the financial services sector comes joint last with technology and government for the lowest proportion of flaws that are fixed.
“One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fix rate. Our research showed that security training can significantly improve remediation speeds, and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35 percent faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.
Securing the Global Software Supply Chain
While there is undoubtedly still room for progress in terms of both flaw prevalence and remediation rates, when financial services organizations do fix vulnerabilities, they move at a quicker pace than most.
Eng said, “The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry’s relative speed in addressing vulnerable libraries discovered through software composition analysis (SCA).”
Flaws in third-party libraries found through SCA tend to stick around longer for all industries, with 30 percent still unresolved after two years. When it comes to addressing open-source vulnerabilities, however, the finance sector remediates at the same pace as other industries for the first year but then quickens its pace to gain a month on the cross-industry average.
Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50 percent of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. With third-party components comprising as much as 90 percent* of an application’s codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.
The Veracode State of Software Security v12 financial services snapshot is available to download here and a video of the findings is available to watch here .
* The Linux Foundation Statista, Joseph Perlow, “A Summary of Census II: Open Source Software Application Libraries the World Depends On”: https://www.statista.com/statistics/617136/digital-population-worldwide/ , March 7, 2022
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com , on the Veracode blog and on Twitter .
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220823005500/en/
Link:
Social Media:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Invivoscribe® Expands IVDR Portfolio with IdentiClone® Dx IGH Assay Certification26.3.2026 06:13:00 CET | Press release
IdentiClone® Dx IGH is the first IVDR-certified assay for the detection of clonal immunoglobulin gene rearrangements in patients with suspected B-cell lymphoproliferative disease. Invivoscribe, a global leader in precision diagnostics and measurable residual disease (MRD) testing, is proud to announce that its IdentiClone Dx IGH Assay has received In Vitro Diagnostic Regulation (IVDR) 2017/746 Class C certification in the European Union (EU). Commercial availability of the IVDR-certified assay is anticipated by early April 2026. The IVDR replaces the former In Vitro Diagnostics Directive (IVDD), introducing significantly more stringent requirements for clinical evidence, performance evaluation, traceability, and post-market surveillance. Under IVDR, in vitro diagnostic devices are classified according to risk from Class A (lowest risk) to Class D (highest risk). Class C devices, such as IdentiClone Dx IGH, are considered high-risk tests that play a critical role in disease diagnosis an
Dominican Republic Drives Modernization of Electronic Passports Under the Leadership of the Thales - MIDAS Consortium25.3.2026 23:22:00 CET | Press release
The General Directorate of Passports, together with the Presidency of the Dominican Republic, are leading the transformation of the country’s passport issuance system with a new, secure, efficient document aligned with international standards.In 2025, the Thales-MIDAS consortium was awarded the contract to develop, issue, and personalize a modern, secure, and highly reliable travel document for Dominican citizens, incorporating additional cybersecurity measures. The Presidency of the Dominican Republic, through the General Directorate of Passports, issued the country’s first electronic passport as part of its strategy to modernize and strengthen national security. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260324368065/en/ Passport of the Dominican Republic The new document was developed in partnership with Thales, world leader in advanced technologies for the Defense, Aerospace, Cybersecurity, and Digital sectors, and M
3D Systems Achieves Full-Scope EU MDR Certification, Accelerating European Launch of NextDent® Jetted Denture Solution Targeted for Summer 202625.3.2026 17:20:00 CET | Press release
Certification Marks Major Milestone in Strategic Dental Growth Initiative Addressing Straightening, Protection, Repair and Replacement of Teeth 3D Systems (NYSE: DDD) today announced it has received full-scope certification under the European Union Medical Device Regulation (EU MDR) 2017/745. The certification was attained on Monday, March 16, 2026. This milestone confirms that the Company’s quality system, technical documentation, and clinical evidence meet the most rigorous regulatory requirements in the medical device sector. With the MDR certificate in hand, 3D Systems will now introduce MDR-compliant product versions through a carefully coordinated, phased rollout across its dental product families and European markets. This approach ensures a smooth transition while maintaining uninterrupted product availability for customers and healthcare providers. The EU MDR certification immediately enables the introduction of innovative new materials and is a pivotal step for one of 3D Syst
Visa to Bring Privacy-Preserving Payments to Canton Network25.3.2026 17:00:00 CET | Press release
Visa is the first payments company selected to become a Super Validator on the Canton Network, where it will help banks and financial institutions bring new payment flows onchain Visa (NYSE:V), a global leader in digital payments, today announced it will join the Canton Network as the first major global payments company to serve as a Super Validator, to help extend privacy‑preserving blockchain infrastructure to banks and financial institutions around the world. Visa will be one of 40 Super Validators on Canton. That move goes straight to a core challenge for financial institutions: the same transparency that gives blockchains their appeal can clash with privacy expectations financial institutions operate under. Canton Network, a blockchain built for regulated finance, has privacy built in from the beginning, so organizations can use shared infrastructure without exposing sensitive information. As a Super Validator, Visa will help clients who choose to run and secure operations on the
ECU Worldwide Unveils XLERATE 2.0 Expansion to Bypass Asia–Europe Supply Chain Disruptions25.3.2026 14:30:00 CET | Press release
Strategic LAX gateway enables faster, predictable cargo movement through a reimagined sea–air logistics model ECU Worldwide, Allcargo Globals’ wholly-owned global subsidiary, has announced a strategic expansion of its transformative logistics solution, XLERATE 2.0, to provide a high-speed and resilient alternative to Asia-to-Europe trade lanes facing transit disruptions. Under this alternative routing, cargo is transported across the Pacific to the US West Coast, using Los Angeles (LAX) as a temporary hub. The solution leverages XLERATE 2.0’s premium, time-definite ocean services, ensuring greater transit agility and continuity. XLERATE 2.0 offers two distinct shipping solutions from China and Vietnam, providing shippers with flexibility as traditional trade arteries remain impacted by shifts in global logistics. These changes have led to reduced overall capacity and the disruption of standard sea–air services via conventional transit points. Commenting on the rollout, Simon Bajada, Re
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom