MA-VERACODE
23.8.2022 14:21:12 CEST | Business Wire | Press release
Veracode , a leading global provider of application security testing solutions, today released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most.
The findings were outlined in the company’s annual State of Software Security report v12, which analyzed 20 million scans across half a million applications in the financial, technology, manufacturing, retail, healthcare and government sectors. Across the six industries, the financial sector has the second-lowest proportion of applications containing security flaws, at 73 percent. In last year’s report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year’s study. Despite having fewer flaws overall, the financial services sector comes joint last with technology and government for the lowest proportion of flaws that are fixed.
“One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fix rate. Our research showed that security training can significantly improve remediation speeds, and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35 percent faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.
Securing the Global Software Supply Chain
While there is undoubtedly still room for progress in terms of both flaw prevalence and remediation rates, when financial services organizations do fix vulnerabilities, they move at a quicker pace than most.
Eng said, “The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry’s relative speed in addressing vulnerable libraries discovered through software composition analysis (SCA).”
Flaws in third-party libraries found through SCA tend to stick around longer for all industries, with 30 percent still unresolved after two years. When it comes to addressing open-source vulnerabilities, however, the finance sector remediates at the same pace as other industries for the first year but then quickens its pace to gain a month on the cross-industry average.
Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50 percent of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. With third-party components comprising as much as 90 percent* of an application’s codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.
The Veracode State of Software Security v12 financial services snapshot is available to download here and a video of the findings is available to watch here .
* The Linux Foundation Statista, Joseph Perlow, “A Summary of Census II: Open Source Software Application Libraries the World Depends On”: https://www.statista.com/statistics/617136/digital-population-worldwide/ , March 7, 2022
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com , on the Veracode blog and on Twitter .
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220823005500/en/
Link:
Social Media:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
RS2 Launches “Beyond by RS2” to Power the Next Generation of European Fintech17.3.2026 08:00:00 CET | Press release
RS2, a Tier-1 global provider of payment processing infrastructure and technology solutions, today announced the launch of Beyond by RS2, a new digital payments brand designed to help fintech companies, platforms, and payment providers rapidly launch card issuing and payment acceptance services across Europe. Built on RS2’s globally proven BankWORKS platform, Beyond by RS2 offers fintechs a comprehensive sponsored issuer and acquiring program, enabling partners to issue cards and process payments without needing their own banking license or direct card scheme membership. The program leverages RS2’s Electronic Money Institution (EMI) license in Germany and its principal membership with Visa and Mastercard, allowing fintech partners to operate under RS2’s regulated infrastructure while maintaining their own customer experience and brand. “Beyond by RS2 represents a major step in our strategy to enable innovation in payments,” said Radi El Haj, CEO, RS2. “Fintechs today want to build powe
Fujirebio Announces CE Marking of the Fully Automated Lumipulse® G Nfl Blood Assay17.3.2026 07:00:00 CET | Press release
H.U. Group Holdings Inc., and its wholly owned subsidiary, Fujirebio Holdings, Inc. (hereinafter “Fujirebio”) today announced that Fujirebio Europe N.V. has obtained a CE Certificate of the Lumipulse G NfL Blood assay under the Regulation (EU) 2017/746 on in vitro diagnostic medical devices (IVDR). This CLEIA (chemiluminescent enzyme immunoassay) test allows for the quantitative measurement of Neurofilament light chain (NfL) in plasma and serum. “While our assay menu already features many powerful disease-specific biomarkers, NfL marks a major breakthrough: our first CE-marked blood test that empowers clinicians with insights across a wide range of neurological disorders,” said Christiaan De Wilde, CEO at Fujirebio Europe N.V. “We are excited to bring this test to our customers, further expanding our comprehensive portfolio of fully automated neurological disease testing solutions on the LUMIPULSE G platform. We continue to partner with organizations and clinical experts across the wor
H2SITE Appoints Javier Cavada as New Chairman of the Board of Directors17.3.2026 07:00:00 CET | Press release
H2SITE, a technology company delivering hydrogen production and separation solutions, announces the appointment of Javier Cavada as the new Chairman of the Board of Directors. Javier joins H2SITE at a strategic phase of accelerated industrial deployment and scale-up of its hydrogen solutions. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260316654723/en/ With more than 25 years of international leadership in the energy and industrial sectors, Javier brings extensive experience in industrialising complex technologies, building high-performance organisations, and scaling large-scale energy platforms. He currently serves as President and Chief Executive Officer of Mitsubishi Power EMEA. His track record also includes serving as CEO and President of Highview Power, as well as spending 17 years at Wärtsilä Corporation, where he held senior executive roles including President of the Energy division and a member of the global Exec
AMWC 2026: Galderma Showcases Category‑leading Innovation With a Comprehensive Portfolio and Holistic, Future‑focused Aesthetic Strategies17.3.2026 07:00:00 CET | Press release
Galderma will present nine posters spanning its full aesthetics portfolio at AMWC 2026, highlighting the regenerative benefits of Sculptra®, the long-lasting efficacy of Restylane®, and the advanced clinical performance of Relfydess® (RelabotulinumtoxinA) 1-9 The data reinforce Galderma’s future-focused approach to innovation, addressing emerging patient needs from menopause‑related skin changes to rising interest in body injectables and regenerative treatments A series of symposia and Masterclasses will further highlight Galderma’s leadership in aesthetics, showcasing how the portfolio supports complex patient profiles and evolving global trends Galderma (SIX: GALD) will present nine abstracts at the Aesthetic & Anti‑Aging Medicine (AMWC) World Congress 2026 in Monaco, showcasing innovative and robust scientific data across its aesthetics portfolio, alongside three symposia, and multiple Masterclasses and Meet‑the‑Expert sessions, all highlighting the expanding benefits of Sculptra, R
Miro Announces Asia Hub in Singapore to Accelerate Growth Across the Region and Bring AI Collaboration to New Markets17.3.2026 02:00:00 CET | Press release
AI Innovation Workspace perfectly placed to help organisations maximise AI investment and accelerate innovation Miro®, the AI Innovation Workspace for teams, today announced plans to expand its operations in Asia, supporting organisations across the region in their AI transformation journey. Miro is investing in people, resources, and infrastructure as it targets growth in key markets, including Singapore, India, South Korea, and other Southeast Asia countries. As the global innovation centre of gravity shifts toward Asia – where R&D spending reached 45% of global investment in 2024 – the organisations leading this charge need tools and platforms built for the complexity and pace of modern innovation and collaboration. Miro's AI-powered innovation workspace is uniquely positioned to support this moment. Miro gives organisations the shared context layer they need to move from insight to execution faster than ever before. For Asia's most ambitious innovators, where speed-to-market and cr
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom