MA-VERACODE
Veracode, a leading global provider of application security testing solutions, today revealed that the healthcare sector takes first place for the proportion of software security flaws that are fixed, at 27 percent. The sector overtook financial services as the top-performing industry, demonstrating healthcare providers have made good headway toward the goal of making their software more secure over the past year.
The data was published in the company’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the healthcare, financial, technology, manufacturing, retail, and government sectors.
Chris Eng, Chief Research Officer at Veracode, said, “Healthcare is one of the more highly regulated sectors and is considered critical infrastructure by the government, so it’s encouraging to see the sector performs comparatively well in terms of overall flaw remediation. We hope healthcare developers and IT staff see this as a welcome ray of sunshine amidst the all-too-often gloomy realm of software security. There is still work to do, so here’s to more improvements in the years to come.”
Despite taking the top spot for fix rate, 77 percent of applications in the healthcare industry contain vulnerabilities, with 21 percent of applications containing high severity vulnerabilities. The sector also has ample room for improvement in terms of the time spent to fix flaws once they’re detected, taking up to a whopping 447 days to reach the halfway point of remediation.
Healthcare Breach Costs Are the Most Expensive
With healthcare companies incurring the highest average breach costs, at a new record high of $10.1 million*, taking proactive steps to minimize the risk of a cyberattack is imperative. Since data breaches in highly regulated industries tend to be associated with larger long-term costs that accrue over the ensuing years, the industry would benefit from even greater comprehensive efforts to address security earlier in the software development lifecycle.
Of the six industries analyzed, healthcare providers rank toward the bottom for the proportion of applications with any flaws, and second to last for the percentage of high-severity flaws—defined as those that present a serious risk to the application and organization if they were to be exploited. When it comes to the types of flaws discovered from dynamic analysis of applications in the sector, compared to other industries healthcare providers perform well for authentication issues and insecure dependencies, but have a higher incidence of cryptographic and deployment configuration issues.
Eng said, “We know that no application will ever be 100 percent free of security flaws, so it’s important that businesses take all necessary steps to minimize risk as much as possible. This includes scanning at a regular, rapid pace using multiple testing types, integrating testing tools into developer environments, and providing hands-on training to help developers understand the origin of flaws and how to fix or prevent them entirely. The healthcare sector should also take extra care to prioritize critical flaws—those vulnerabilities that could have a catastrophic impact if left unaddressed for too long.”
Andrew McCall, Vice President of Engineering, Azalea Health Innovations, said, “The biggest obstacle to building security into our workflows is that developers will treat security as just a checkbox. But security is an ongoing process and has to be top of mind throughout the software development life cycle. We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”
Third-party Library Security
Considering a sharp increase in regulations to secure the software supply chain over the past year, the report analyzed third-party libraries to identify how vulnerabilities discovered through software composition analysis (SCA) behave. Overall, around 30 percent of vulnerable libraries remain unresolved after two years; however, that statistic reduces to 25 percent for the healthcare sector. In fact, while the overall ratio of vulnerable libraries found by SCA trends down steadily over time, healthcare experienced a brief upward spike before driving rates down dramatically over the last year or so.
The Veracode State of Software Security v12 healthcare snapshot is available to download here and the full report is available here.
* IBM Security and The Ponemon Institute, “Cost of a Data Breach Report 2022”: https://www.ibm.com/downloads/cas/3R8N1DZJ, July 2022
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220922005100/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Mori Memorial Foundation’s Global Power City Index 2025 Sees City Rankings Shift Due to Tourism Gains in East Asia and Inflationary Pressures in the West17.12.2025 04:00:00 CET | Press release
The Mori Memorial Foundation’s Institute for Urban Strategies, a research body established by Mori Building, Tokyo’s leading urban landscape developer, today published its annual Global Power City Index (GPCI) 2025, a report evaluating the urban competitiveness of 48 major cities worldwide. The report also includes the GPCI–Financial Centers index, an assessment of cities as international financial centers, and the new GPCI–Startup Ecosystems index, which assesses the competitiveness of startup environments. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251216187692/en/ 48 Major Cities Evaluated in Mori Memorial Foundation’s GPCI-2025 Report This year’s report highlights the remarkable rise of East Asian cities and the stagnation of several Western cities, showing how global challenges, such as geopolitical tensions and regional disparities in inflation, are greatly impacting the performance of major cities worldwide. The r
GE HealthCare and Indonesia’s Ministry of Health to expand access to quality care through the provision of 300+ advanced CT scanners17.12.2025 03:00:00 CET | Press release
300+ advanced CT scanners to be installed in public hospitals across 38 provinces by 2028, to support early diagnosis and treatment of non-communicable diseases. Collaboration supports Indonesian Government’s agenda to enhance diagnostic access and build national healthcare resilience. Multi-year agreement builds on GE HealthCare’s continued investment in local manufacturing, capability building and knowledge transfer to strengthen Indonesia’s healthcare ecosystem. GE HealthCare (Nasdaq: GEHC) today announced it will supply more than 300 CT (computed tomography) scanners under Indonesia’s Strengthening Indonesia’s Health Referral Network (SIHREN) program to deliver equitable, high-quality care to more than 280 million Indonesians. As part of a competitively awarded, multi-year contract, GE HealthCare will supply the advanced CT scanners to public hospitals across all 38 provinces, including urban and remote areas. The CT scanner procurement under SIHREN was conducted through a fully co
IDWS 2025 Concludes with Focus on Global Knowledge Exchange, Financial Opportunities, and Scalable Water Solutions16.12.2025 20:03:00 CET | Press release
The 4th Innovation Driven Water Sustainability Conference (IDWS) 2025 concluded on Wednesday in Jeddah, confirming its status as one of the world’s most influential platforms for shaping the future of water innovation, sustainability, and security. Gathering senior global policymakers and international industry leaders, this year’s edition has advanced critical dialogue on safeguarding the planet’s most vital resource, with Saudi Arabia at the forefront. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251216483490/en/ Investors, innovators, and global institutions gather in Saudi to outline how capital, collaboration, and governance can accelerate long term water sustainability (Photo: AETOSWire) Among the most consequential engagements were a series of meetings that brought together discussions powered by SWA, centred on shared challenges, knowledge exchange, and exploring opportunities within the global water ecosystem. Att
OAG Appoints ex-Skyscanner Executive Filip Filipov as New Chief Executive Officer16.12.2025 17:00:00 CET | Press release
OAG announces today the appointment of Filip Filipov, ex-Skyscanner executive, as new Chief Executive Officer. Filip Filipov currently serves as the company’s Chief Operating Officer and takes over from Phil Callow who has chosen to step down having completed thirteen transformational years at the helm of OAG to pursue his many other interests. Since joining in 2024, Filipovhas played a leading role in the company’s ambitious next phase of growth and ongoing acceleration. He will now lead OAG into a new era defined by advanced data products and AI-driven intelligence. Before joining OAG, Filipov held senior roles in travel technology and big-data consulting, including on Skyscanner’s executive team. Filip Filipov said: “It’s a privilege to step into this role and lead a company with such a strong heritage and reputation. I’m excited for what’s ahead and committed to serving our customers with the reliability, service, and innovation they depend on.” Chairman of OAG, Gehan Talwatte, com
Xsolla Integrates SPENN in Rwanda and Zambia Giving Developers Access to a Strong Consumer-Merchant Ecosystem16.12.2025 16:49:00 CET | Press release
Developers Can Now Maximize Revenue and Boost Player Engagement with a New Integration Delivering a Smoother Checkout, Fewer Declines, and Access to a Growing Digital Wallet User Base Xsolla, a global video game commerce company that helps developers launch, grow, and monetize their games, today announced that it has added SPENN to its payments solution portfolio in Rwanda and Zambia. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251216303338/en/ Xsolla Integrates SPENN In Rwanda And Zambia Giving Developers Access To A Strong Consumer-Merchant Ecosystem Both Rwanda and Zambia are mobile-first, wallet-led economies where mobile money drives financial inclusion and rapid growth in digital transactions. Reports found that approximately 86% of Rwandan adults own or have used mobile money. As of mid-2024, mobile money transaction volumes in Zambia increased by 44% to 1.4 billion transactions from mid-2023. By adding SPENN as a
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom