MA-VERACODE
Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.
Tech Firms Are Comparatively Quick to Fix Software Security Flaws
Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.
Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”
Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.
The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
TOURISE Reframes Tourism Sector as Global Powerhouse on a Path to $16 Trillion During Davos24.1.2026 00:22:00 CET | Press release
TOURISE advanced tourism’s role as a vital sector connecting industries, economies, and regions to address shared global challenges at the World Economic Forum Annual Meeting in Davos. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260123950180/en/ His Excellency Ahmed Al‑Khateeb, Minister of Tourism of Saudi Arabia and Chairman of TOURISE, convenes executives from Trip.com, Visa, TikTok, PayPal, Salesforce, Forbes, Avolta, ByteDance, and more at Davos 2026 Often overlooked as a siloed industry, TOURISE pressed the importance of tourism being recognized as a strategic sector, contributing one in every $10 to global GDP and uplifting every industry it touches. His Excellency Ahmed Al Khateeb, Minister of Tourism of Saudi Arabia and Chairman of TOURISE said alliances and collaboration across sectors will see tourism continue to rise. “Tourism is more than a lifestyle sector, it functions as a strategic economic system. TOURISE
Zycus Named a Leader in the 2026 Gartner® Magic Quadrant™ for Source-to-Pay Suites23.1.2026 20:00:00 CET | Press release
This acknowledgment reflects Zycus’ momentum in Agentic AI, comprehensive S2P suite, brand trust and customer outcomes. Zycus, a global provider in Source-to-Pay (S2P) technology, today announced that it has been recognized as a Leaderin the 2026 Gartner® Magic Quadrant™ for Source-to-Pay Suites. We believe the report points to Zycus’ continued investment in Merlin Intake to streamline user experience and Agentic AI to support workflows such as tail-spend management via autonomous negotiation. This aligns with Zycus’ “Intake to Outcomes” (I2O) belief: simplify how work enters procurement, orchestrate execution with Agentic AI, and deliver outcomes with the right governance and control. “Being recognized as a Leader in the Gartner Magic Quadrant for Source-to-Pay Suites reflects our long-term commitment to innovation, customer outcomes, and responsible AI,” said Aatish Dedhia, Founder & CEO of Zycus. “Merlin Agentic AI is designed to move beyond task automation towards end-to-end outcom
Bureau Veritas to Acquire a Leading Sustainability Specialist for Consumer Products in Italy23.1.2026 18:13:00 CET | Press release
Bureau Veritas, a global leader in Testing, Inspection, and Certification services (TIC), announces the acquisition of SPIN360, a leading Italian consulting firm specialized in sustainable innovation and development across primary premium fashion and luxury brands. This acquisition aligns with Bureau Veritas’ LEAP | 28 strategy to create new strongholds in the Consumer Product Services (CPS) industry, and to accelerate its growth in key markets such as Italy. The transaction will deliver on value creation opportunities, by combining SPIN360's proprietary Life Cycle Assessment (LCA) tools and data-driven advisory services with Bureau Veritas' certification and supply chain auditing expertise. It will also help position Bureau Veritas as a global center of excellence for premium fashion and luxury. Created in 2009 and based in Milan, SPIN360 provides technical advisory services covering LCA, life cycle costing, environmental product declarations, carbon footprint, supply chain engagement
HCLTech to Acquire Singapore-based Finergic to Boost Digital Transformation Offerings for Wealth Management Industry23.1.2026 17:55:00 CET | Press release
HCLTech, a leading global technology company, today announced that it has signed a definitive agreement to acquire Finergic Solutions Pte Ltd, a boutique wealth consulting firm headquartered in Singapore. The transaction is expected to close by April 30, 2026. Founded in 2019, Finergic focuses on core banking and wealth management transformation and has a strong, well-established global presence. The addition of Finergic’s niche capabilities, combined with the scale of HCLTech, is expected to unlock stronger synergies and enhance service delivery across the financial services and wealth management industry. HCLTech brings 25+ years of global experience in serving leading financial institutions. By integrating Finergic’s specialized transformation strategy, consulting and wealth-architecture capabilities, HCLTech will accelerate the delivery of next-generation, platform-enabled wealth management solutions anchored by advanced AI-native workflows. These capabilities will complement HCLTe
Saudi Arabia to Host World Economic Forum Global Collaboration and Growth Meeting: Building Common Ground and Reviving Growth on 22-23 April 202623.1.2026 16:29:00 CET | Press release
Saudi Arabia will host the World Economic Forum (WEF) Global Collaboration and Growth Meeting: Building Common Ground and Reviving Growth in Jeddah on 22-23 April 2026, it was announced on the closing day of the 56th Annual Meeting of the Forum in Davos, Switzerland. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260123725881/en/ HE Faisal F. Alibrahim, Saudi Arabia’s Minister of Economy and Planning, announces that the Kingdom will host the World Economic Forum Global Collaboration and Growth Meeting in Jeddah in April 2026 (Photo: AETOSWire) His Excellency Faisal F. Alibrahim, Saudi Arabia’s Minister of Economy and Planning today confirmed the details for the regular high-level WEF meeting, which was announced at the 2025 WEF Annual Meeting. Calling for pragmatism and collaboration against a backdrop of geopolitical fragmentation, HE Alibrahim said “stability can’t be quickly built, and it can’t be bought”. “Stability need
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom