MA-VERACODE
Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.
Tech Firms Are Comparatively Quick to Fix Software Security Flaws
Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.
Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”
Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.
The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Bureau Veritas to Acquire a Leading Sustainability Specialist for Consumer Products in Italy23.1.2026 18:13:00 CET | Press release
Bureau Veritas, a global leader in Testing, Inspection, and Certification services (TIC), announces the acquisition of SPIN360, a leading Italian consulting firm specialized in sustainable innovation and development across primary premium fashion and luxury brands. This acquisition aligns with Bureau Veritas’ LEAP | 28 strategy to create new strongholds in the Consumer Product Services (CPS) industry, and to accelerate its growth in key markets such as Italy. The transaction will deliver on value creation opportunities, by combining SPIN360's proprietary Life Cycle Assessment (LCA) tools and data-driven advisory services with Bureau Veritas' certification and supply chain auditing expertise. It will also help position Bureau Veritas as a global center of excellence for premium fashion and luxury. Created in 2009 and based in Milan, SPIN360 provides technical advisory services covering LCA, life cycle costing, environmental product declarations, carbon footprint, supply chain engagement
HCLTech to Acquire Singapore-based Finergic to Boost Digital Transformation Offerings for Wealth Management Industry23.1.2026 17:55:00 CET | Press release
HCLTech, a leading global technology company, today announced that it has signed a definitive agreement to acquire Finergic Solutions Pte Ltd, a boutique wealth consulting firm headquartered in Singapore. The transaction is expected to close by April 30, 2026. Founded in 2019, Finergic focuses on core banking and wealth management transformation and has a strong, well-established global presence. The addition of Finergic’s niche capabilities, combined with the scale of HCLTech, is expected to unlock stronger synergies and enhance service delivery across the financial services and wealth management industry. HCLTech brings 25+ years of global experience in serving leading financial institutions. By integrating Finergic’s specialized transformation strategy, consulting and wealth-architecture capabilities, HCLTech will accelerate the delivery of next-generation, platform-enabled wealth management solutions anchored by advanced AI-native workflows. These capabilities will complement HCLTe
Saudi Arabia to Host World Economic Forum Global Collaboration and Growth Meeting: Building Common Ground and Reviving Growth on 22-23 April 202623.1.2026 16:29:00 CET | Press release
Saudi Arabia will host the World Economic Forum (WEF) Global Collaboration and Growth Meeting: Building Common Ground and Reviving Growth in Jeddah on 22-23 April 2026, it was announced on the closing day of the 56th Annual Meeting of the Forum in Davos, Switzerland. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260123725881/en/ HE Faisal F. Alibrahim, Saudi Arabia’s Minister of Economy and Planning, announces that the Kingdom will host the World Economic Forum Global Collaboration and Growth Meeting in Jeddah in April 2026 (Photo: AETOSWire) His Excellency Faisal F. Alibrahim, Saudi Arabia’s Minister of Economy and Planning today confirmed the details for the regular high-level WEF meeting, which was announced at the 2025 WEF Annual Meeting. Calling for pragmatism and collaboration against a backdrop of geopolitical fragmentation, HE Alibrahim said “stability can’t be quickly built, and it can’t be bought”. “Stability need
Philip Morris International Urges FDA Advisory Committee to Recommend Authorizing ZYN as a Modified Risk Tobacco Product23.1.2026 15:15:00 CET | Press release
In January 2025, ZYN became the first nicotine pouch product authorized for marketing by the FDA Experts from Philip Morris International (PMI) (NYSE: PM) yesterday presented scientific evidence to the U.S. Food and Drug Administration’s (FDA) Tobacco Products Scientific Advisory Committee (TPSAC) as part of the FDA’s process for a Modified Risk Tobacco Product (MRTP) designation for their ZYN nicotine pouch products. This designation would allow PMI’s U.S. family of businesses to communicate to U.S. legal-aged, 21+ adult cigarette smokers that switching completely to ZYN reduces their risk of many smoking-related diseases and we look forward to a decision by FDA. "The FDA’s Center for Tobacco Product’s (CTP) mission is to make smoking-related disease and death a part of America’s past,” said Keagan Lenihan, Chief External Affairs Officer for PMI U.S. “Smoke-free products, like ZYN, play a critical role in helping CTP achieve this mission and provide adults who smoke with important inf
Business4Land Champions’ Council Launched at Davos to Spur Private Sector Action on Land and Drought23.1.2026 14:58:00 CET | Press release
The UNCCD COP16 Presidency, led by Saudi Arabia, and the United Nations Convention to Combat Desertification (UNCCD) Secretariat launched the Business4Land (B4L) Champions’ Council at the World Economic Forum in Davos to mobilize global CEOs and industry leaders in support of large-scale land restoration. The B4L Champions Council members include ten companies: Nexira, Suzano, Gut & Bösel, Patagonia Provisions/ B.Cameron Consulting, Olam Group, Reservas Votorantim, Genesis Soil Health, EY, Envision Energy, and LVMH The move marks the beginning of a more structured and strategic engagement with the private sector ahead of COP17. TheUnited Nations Convention to Combat Desertification(UNCCD) Secretariat and the UNCCD COP16 Presidency, led by the Kingdom of Saudi Arabia, today announced the official launch of the Business4Land (B4L) Champions’ Council at a high-level event hosted at InTent during the World Economic Forum (WEF) Annual Meeting in Davos. This press release features multimedia
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom