MA-VERACODE
8.12.2022 13:51:40 CET | Business Wire | Press release
Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.
Tech Firms Are Comparatively Quick to Fix Software Security Flaws
Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.
Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”
Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.
The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Armis Centrix™ Named “Best Solution” for Cyber Exposure Management as Armis Wins Multiple Global InfoSec Awards at RSAC 202623.3.2026 17:00:00 CET | Press release
Armis awarded “Publisher’s Choice Cybersecurity Company”Yevgeny Dibrov received “Industry Pioneering CEO” Armis, the cyber exposure management & security company, today announced that it has won multiple Global InfoSec Awards from Cyber Defense Magazine at this year’s RSAC™ Conference. Armis received the following accolades: Armis Centrix™ won “Best Solution” for Cyber Exposure Management Armis named “Publisher’s Choice Cybersecurity Company” Yevgeny Dibrov, Armis’ CEO and Co-Founder, awarded “Industry Pioneering CEO” “We cannot safeguard modern infrastructure with yesterday’s tactics; the extended attack surface demands a unified, AI-driven approach that sees, protects and manages all assets (IT, OT, IoT, IoMT, applications, code, cloud and AI) in real time,” said Yevgeny Dibrov, CEO and Co-Founder of Armis. “Armis secures the most complex environments of organizations and governments worldwide to protect society from the destruction cybercriminals seek to cause. These awards reinforc
STOKR Appoints Subhankar Sinha as Senior Advisor23.3.2026 15:00:00 CET | Press release
Former BNY and PwC blockchain leader appointed to advance fund tokenization and STOKR's U.S. institutional expansion STOKR has appointed Subhankar Sinha as Senior Advisor. Sinha will work directly with STOKR's leadership team on fund tokenization with particular focus on money market fund (MMF) tokenization and on expanding STOKR's institutional presence in the U.S. market. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260323315236/en/ Image, Subhankar Sinha A New York-based digital assets executive, Sinha brings deep expertise across blockchain infrastructure, capital markets, and institutional business development. He previously served as Head of Blockchain at BNY, the world's largest custody and asset servicing business. Earlier in his career, he was a Director at PwC, where he co-founded and co-led the firm's blockchain consulting practice in the U.S. "Subhankar brings the institutional depth that this stage of STOKR's
Xsolla Partners With Cyprus Game Makers Association (CYGMA) as the Island Emerges as a Game Development Hub23.3.2026 14:00:00 CET | Press release
Strategic Partnership Equips Cyprus-Based Developers With the Commerce Infrastructure to Compete Globally Xsolla, a global video game commerce company that helps developers launch, grow, and monetize their games, today announced a strategic partnership with the Cyprus Game Makers Association (CYGMA). The collaboration will provide creators and studios within the CYGMA network with hands-on support, industry expertise, and access to world-class commerce tools, helping Cyprus-based studios bring their titles to players worldwide. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260323570679/en/ Graphic: Xsolla The partnership comes as Cyprus continues to attract game development talent, fueled by favorable business conditions and a growing creative community. Through its collaboration with CYGMA, Xsolla aims to accelerate momentum and expand opportunities for developers by removing commerce and distribution barriers that often p
Exein Unveils Next-Generation Runtime Security to Protect the AI-Native World23.3.2026 14:00:00 CET | Press release
Photon blocks cyberattacks before execution across physical AI and IoT, autonomous AI agents and cloud and edge infrastructure Kernel-level prevention sets a new standard beyond traditional user-space detection Builds on Exein’s position as the world’s largest runtime security provider, protecting over two billion devices Exein, the global leader in runtime cybersecurity, today unveiled Photon, a preemptive breakthrough solution that blocks cyberattacks at the point of execution. Designed for the AI-native world - where digital and physical systems are now inseparable - Photon marks a fundamental shift in how critical infrastructure protects itself. Unlike traditional cybersecurity solutions that detect threats after compromise - typically operating in user space and relying on a cloud network - Exein’s Photon operates directly inside the kernel, preventing malicious execution paths before they can run. By blocking attacks before the point of execution, the technology dramatically redu
Manhattan Associates’ 2026 Unified Commerce Benchmark Reveals the High Price of Standing Still in Retail23.3.2026 13:30:00 CET | Press release
Leaders achieve up to 2X revenue growth, but only 7% of retailers are true unified commerce leaders Manhattan Associates Inc. (NASDAQ: MANH), today announced the findings of its 2026 Global Unified Commerce Benchmark for Specialty Retail, the industry’s most comprehensive assessment of how well retailers connect digital and physical experiences to drive growth, profitability and loyalty. Conducted by Incisiv, a leading retail research firm, the Benchmark is based on real-world purchases and returns. It analyzes more than 400 specialty retailers across EMEA, LATAM and North America on 330 capabilities spanning four key experience areas: Shopping, Checkout, Fulfillment, and Service. The 2026 Benchmark reveals that while the industry has made steady progress in unified commerce maturity since 2023 when it was first launched, only 7% of retailers have achieved true unified commerce leadership while 33% are still stuck in the Basic category. Leaders are translating connected, data‑driven ye
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom