MA-VERACODE
8.12.2022 13:51:40 CET | Business Wire | Press release
Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.
Tech Firms Are Comparatively Quick to Fix Software Security Flaws
Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.
Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”
Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.
The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/
