MA-VERACODE
23.8.2022 14:21:12 CEST | Business Wire | Press release
Veracode , a leading global provider of application security testing solutions, today released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most.
The findings were outlined in the company’s annual State of Software Security report v12, which analyzed 20 million scans across half a million applications in the financial, technology, manufacturing, retail, healthcare and government sectors. Across the six industries, the financial sector has the second-lowest proportion of applications containing security flaws, at 73 percent. In last year’s report, the industry boasted the lowest number of software security flaws across all sectors but has been overtaken by manufacturing in this year’s study. Despite having fewer flaws overall, the financial services sector comes joint last with technology and government for the lowest proportion of flaws that are fixed.
“One of the advantages of serving the software development community for so many years is that Veracode can see changes in development practices across industries over time. We found that while financial services applications have fewer security flaws than last year, the sector lags behind other industries when it comes to fix rate. Our research showed that security training can significantly improve remediation speeds, and that companies whose development teams had completed hands-on training using real-life applications fixed flaws 35 percent faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.
Securing the Global Software Supply Chain
While there is undoubtedly still room for progress in terms of both flaw prevalence and remediation rates, when financial services organizations do fix vulnerabilities, they move at a quicker pace than most.
Eng said, “The U.S. Executive Order on Cybersecurity, alongside mandates on security controls regarding open-source usage, such as GDPR and the New York Department of Financial Services Cybersecurity Regulations, has highlighted the importance of securing the software supply chain. Being a highly regulated sector may go some way to explain the financial industry’s relative speed in addressing vulnerable libraries discovered through software composition analysis (SCA).”
Flaws in third-party libraries found through SCA tend to stick around longer for all industries, with 30 percent still unresolved after two years. When it comes to addressing open-source vulnerabilities, however, the finance sector remediates at the same pace as other industries for the first year but then quickens its pace to gain a month on the cross-industry average.
Although the finance sector outperforms most other industries in fix times for flaws discovered by dynamic, SCA, and static, the study found there is still ample room for continued improvement when looking at the number of days it takes to resolve 50 percent of flaws—116 days for dynamic analysis, 385 days for SCA, and 288 days for static analysis. With third-party components comprising as much as 90 percent* of an application’s codebase, scanning early and often using a combination of testing types reduces unplanned emergency remediation work and mitigates the risk of introducing third-party security flaws into software.
The Veracode State of Software Security v12 financial services snapshot is available to download here and a video of the findings is available to watch here .
* The Linux Foundation Statista, Joseph Perlow, “A Summary of Census II: Open Source Software Application Libraries the World Depends On”: https://www.statista.com/statistics/617136/digital-population-worldwide/ , March 7, 2022
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com , on the Veracode blog and on Twitter .
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220823005500/en/
Link:
Social Media:
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Mouser's Rise of the Robots Program Explores Humanoid Design Considerations2.6.2026 17:19:00 CEST | Press release
Mouser Electronics, Inc., the authorized global distributor with the newest electronic components and industrial automation products, today announced the latest installment of its Empowering Innovation Together (EIT) technology series, Rise of the Robots, which explores key technologies behind humanoid robots and their potential for transformation. The series shares how these robots have progressed from simple machinery to critical tools used in caregiving, industrial automation, education, and even in the harshest environments. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260602293561/en/ The latest EIT installment explores the engineering design process, system integration challenges, and the role of legacy infrastructure, safety, and ROI in shaping scalable humanoid robot deployment. While science fiction has long envisioned robots resembling humans, recent advances in sensing, actuation, AI, embedded computing, and pow
Blue Cloud Ventures Announces Final Close of Blue Cloud Ventures V2.6.2026 16:35:00 CEST | Press release
With over $1B in assets under management, Blue Cloud Ventures strengthens its commitment to the next generation of AI-driven enterprise software companies Blue Cloud Ventures (BCV), a venture growth firm focused on investing in enterprise software companies, announced the final close of its fifth fund, Blue Cloud Ventures V (BCV V). This milestone reinforces the firm’s continued mission to back category-defining companies that are poised to thrive in the age of AI. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260602186634/en/ At the core of BCV’s strategy is building deep conviction in and backing companies that possess the potential to define or reshape entire industries. With BCV V, the firm is doubling down on its AI-first investment thesis, aiming to back and support visionary teams on their long-term growth journey as they build the systems that will serve as the backbone of the modern enterprise. Blue Cloud typically
IQM, a Global Leader in Quantum Computing, and Real Asset Acquisition Corp. Announce Upsized USD 146 million PIPE with New Commitment from Ilmarinen2.6.2026 16:17:00 CEST | Press release
IQM in conjunction with its SPAC partner, Real Asset Acquisition Corp., increased commitments to its PIPE due to upsized demand. This additional commitment comes from a new investor, Ilmarinen, one of Finland’s largest private earnings-related pension insurance companies. This brings total PIPE commitments from leading new and existing investors to over USD 146 million. The transaction values IQM at a pre-money equity valuation of approximately USD 1.8 billion and a cash position expected to be up to EUR 406 million (USD 477 million1). Significant business momentum, with 2025 revenue of EUR 31 million (USD 36 million2). IQM Finland Oy, a global leader in full-stack superconducting quantum computers (“IQM”, “IQM Quantum Computers” or the “Company”) and Real Asset Acquisition Corp. (Nasdaq: RAAQ), a special purpose acquisition company (“RAAQ”), today announced an additional PIPE commitment from Ilmarinen in connection with the previously announced business combination between IQM and RAA
Laserfiche Launches on AWS Marketplace, Bringing Intelligent Content Management to the Enterprise2.6.2026 16:00:00 CEST | Press release
Organizations can now seamlessly procure Laserfiche document management to support and scale information governance and workflow automation. Laserfiche — the leading SaaS provider of intelligent content management — has partnered with AWS to make Laserfiche available through AWS Marketplace. This collaboration enables AWS customers to seamlessly procure Laserfiche’s document management platform to manage content, automate workflows and implement agentic AI capabilities. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260602537198/en/ Laserfiche intelligent content management is now available to procure directly through AWS Marketplace. “We’re excited about this evolution of our long-standing partnership with AWS,” said Thomas Phelps, Laserfiche senior vice president of corporate strategy and CIO. “AWS Marketplace provides a near-frictionless experience for Laserfiche direct customers who want to accept negotiated private offe
Experian Brings Trusted Agentic AI to Financial Services With the Launch of Agent Operating System™2.6.2026 15:05:00 CEST | Press release
A new core capability within Experian’s Ascend Platform, designed to help financial services organisations safely scale agentic AI across the lending lifecycleBrings together Experian, client and partner AI agents within a trusted operating layer for data, decisioning, governance and control55% of consumers say they would allow an AI agent to make an autonomous purchase on their behalfServiceNow becomes first partner to integrate with Experian’s Agent Operating System Experian today announces the launch of the Agent Operating System™, a trusted agentic AI layer within the Experian Ascend Platform, unveiled at Money20/20 Europe. The Experian Agent Operating System is designed to help financial services organisations move successfully beyond AI experimentation and safely scale agentic AI to transform decision-making, customer experiences, and day-to-day operations. It enables AI agents from Experian, clients and partners to work together through a common trust, semantic and orchestration
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom