MA-VERACODE
22.11.2022 13:51:37 CET | Business Wire | Press release
Veracode, a leading global provider of modern application security testing solutions, today revealed that almost three-quarters of applications in the retail & hospitality sector contain security flaws, but only 25 percent of these are fixed. Furthermore, 17 percent of these flaws are categorized as ‘high severity’, meaning they pose a serious risk to the business if exploited. With 76 percent of Americans planning to shop the Black Friday sales on 25 November*—and 56 percent planning to purchase entirely online**— retailers should take extra care to reinforce the security of their ecommerce systems, digital payment platforms, and supply chains.
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the retail, manufacturing, healthcare, financial services, technology, and government sectors.
Chris Eng, Chief Research Officer at Veracode, said, “Maintaining customer loyalty and trust is priority number one for retailers, and this will be heightened during the Black Friday period. With the average cost of a data breach in the retail sector calculated at $3.28 million***, implementing robust tools and practices to secure the applications customers use to browse and make purchases is imperative.”
Despite the relatively low number of flaws that are fixed, the retail industry takes second place for overall remediation rate, highlighting the need for software security improvements from organizations across all sectors. Eng said, “Compared with other sectors, retailers are better at fixing flaws when they’re discovered. While this is encouraging, it’s clear more needs to be done across the board to integrate flaw identification and remediation into the software development pipeline so that vulnerabilities can be addressed more efficiently.”
Server configuration, insecure dependencies, and authentication issues are the most common types of application flaws across most industries. The retail & hospitality sector follows a similar pattern; however, the sector has higher percentages in nearly every flaw category—perhaps due to the greater functional complexity of customer-facing and back-office applications.
Flaw Fix Times Fluctuate in Retail
Veracode analyzed three different scan types to generate industry comparisons for fix times: dynamic analysis security testing (DAST), static analysis security testing (SAST), and software composition analysis (SCA). Retailers were found to be the quickest to address flaws discovered by DAST, at 70 days to reach the halfway point, which is a staggering 46 days faster than financial services in second place. When it came to SAST and SCA, however, the retail sector fell to the middle of the pack, taking 346 days and 470 days respectively to reach the halfway fix point.
Across all industries, flaws in third-party libraries discovered through SCA persist for longer than those found through SAST and DAST, with 30 percent of vulnerable libraries still unresolved after two years. For the retail sector, that statistic rises to 35 percent and lags the cross-industry average by more than six months. Nevertheless, retailers should be assured that the gap is never too wide to close. Indeed, Veracode’s 2021 State of Software Security report found 92 percent of open-source flaws can be easily fixed with a simple update, which is good news for retailers looking to secure their software supply chains.
In the run-up to Black Friday, and nearly one year since the infamous Log4j vulnerability was first reported, retailers will be on high alert to maintain the speed, efficiency, and security of their applications. Businesses should take extra care to uncover vulnerabilities in third-party software using a combination of SCA and development tools. Using this approach with Veracode, Darius Radford, Application Security Architect at specialty retailer Floor & Decor, was able to get a comprehensive view of risk posed by vulnerable libraries in the company’s software: “We were able to quickly figure out all the places running Log4j and remediate the situation.” Trey Tunnel, Floor and Decor’s Chief Information Security Officer, added, “Our customers are our top priority. With Veracode, we have the confidence that our software is secure and—more importantly—our customers have the confidence that our software is secure.”
The Veracode State of Software Security v12 retail & hospitality snapshot is available to download here and the full report is available here.
* Future Publishing, “Exploring the impact of rising inflation”, June 2022, https://go.future-advertising.com/Rising-Inflation-Research-Insights.html
** Dot Digital, “Black Friday Stats: Everything You Need to Know (updated 2022), Jenna Paton, 20 September 2022, https://dotdigital.com/blog/black-friday-cyber-monday-stats/
*** IBM Security and The Ponemon Institute, “Cost of a Data Breach Report 2022”, July 2022, https://www.ibm.com/downloads/cas/3R8N1DZJ
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221122005446/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Access Advance Welcomes Wave of New Licensees to the HEVC Advance Patent Pool8.7.2026 02:00:00 CEST | Press release
Access Advance LLC, the leading HEVC patent pool administrator, today announced a significant expansion of the HEVC Advance Patent Pool, with 28 companies executing licenses in the first half of 2026. The new Licensees span consumer electronics, automotive, telecommunications, industrial technology, and professional security, reflecting the breadth of industries in which HEVC has become a foundational video technology. "HEVC remains the cornerstone of modern video delivery, and the demand we are seeing from new Licensees speaks to the long-term commercial relevance of this technology," said Peter Moller, CEO of Access Advance. "HEVC licensing activity has been consistently strong, and we are pleased to welcome a number of important new participants to the program." Notably, nine video surveillance equipment manufacturers have joined the HEVC Advance program as Licensees, ranging from three of the world's largest video surveillance equipment makers to specialized developers of security
Empire State Building Observation Deck Run-Up Returns for 48th Annual Race on Oct. 68.7.2026 00:22:00 CEST | Press release
Presented by NYU Langone Health and Powered by MerrellLottery Open Through July 20 The Empire State Building Observation Deck (ESB), atop the “World’s Most Famous Building,” today announced that general lottery registration is open for this year's Empire State Building Observation Deck Run-Up (ESBRU), which will run through July 20, 2026. The annual race, presented by NYU Langone Health and powered by Merrell, will take place on Oct. 6, 2026, at 8 p.m. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707902561/en/ Empire State Building Observation Deck Run-Up Returns for 48th Annual Race on Oct. 6 This year’s race marks the 48th anniversary of the event, in which 225 runners will race up 1,576 stairs of the iconic New York City landmark to reach the world-famous 86th Floor Observation Deck. “Every year, the Empire State Building Observation Deck Run-Up is a remarkable feat for all who participate as they race up to Tripadvi
Modon's Hudayriyat Golf Estates Sets UAE Record With More Than AED 13 Billion in Sales Within Days of Launch7.7.2026 20:36:00 CEST | Press release
A record-breaking sales value for a residential project in the UAEThe project comprises golf mansions, villas, and townhouses across Hudayriyat Island, Abu Dhabi1,700 residences sold within days after the launch15% non-UAE resident buyers81% new customers to Modon Modon has set a new benchmark for the UAE real estate market with the launch of Hudayriyat Golf Estates on Hudayriyat Island, Abu Dhabi. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707126559/en/ Modon's Hudayriyat Golf Estates sets UAE record with more than AED 13 billion in sales within days of launch (Photo: AETOSWire) Within days of launch, the community achieved record-breaking sales exceeding AED 13 billion, marking the highest publicly recorded sales value for a single residential project launch in the UAE. Comprising an exclusive collection of golf mansions, villas, and townhouses, the development saw 1,700 of its residences sold after few days of laun
Loomis Sayles Growth Equity Strategies Team Celebrates Twenty-Year Milestones7.7.2026 16:36:00 CEST | Press release
Loomis, Sayles & Company, the century-old investment manager with nearly $418 billion in assets under management, proudly celebrates the 20-year anniversaries of the Loomis Sayles Large Cap Growth and the Loomis Sayles All Cap Growth strategies, as well as a differentiated approach to growth equity investing under the leadership of Aziz V. Hamzaogullari, CFA, the founder, chief investment officer and portfolio manager of the Loomis Sayles Growth Equity Strategies (GES) Team. Aziz is also an executive vice president and a member of the firm’s Board of Directors. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707992418/en/ Celebrating 20 Years of The Power of Active Management Done Right GES is a cohesive team with 20 years of alpha generation and a long-term, private equity approach to investing. Under Aziz Hamzaogullari’s leadership since 2010, assets under management for GES have grown from $1.9 billion to $98.2 billion
Integral Ad Science Appoints Lidiane Jones Chief Executive Officer7.7.2026 15:35:00 CEST | Press release
Accomplished AI and technology executive to lead IAS's next phase of innovation and growth; Lisa Utzschneider to serve as Special Advisor to the Board through year-end Integral Ad Science (IAS), one of the world's most trusted media quality companies, today announced the appointment of Lidiane Jones as Chief Executive Officer, effective immediately. Jones succeeds Lisa Utzschneider, who led IAS for more than seven years and will remain with the company as Special Advisor to the Board through the end of 2026 to support a seamless transition. Utzschneider will also serve as a Special Advisor to Novacap and their portfolio companies. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707780892/en/ Lidiane Jones: Integral Ad Science CEO, Photo Credit: Pamela Hanson The appointment reflects IAS's long-term strategic vision for the future of digital advertising. As AI transforms how media is planned, bought, measured, and optimized
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
