Business Wire

MA-VERACODE

Share
Healthcare Sector Leads the Way for Fix Rate of Software Security Flaws

Veracode, a leading global provider of application security testing solutions, today revealed that the healthcare sector takes first place for the proportion of software security flaws that are fixed, at 27 percent. The sector overtook financial services as the top-performing industry, demonstrating healthcare providers have made good headway toward the goal of making their software more secure over the past year.

The data was published in the company’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the healthcare, financial, technology, manufacturing, retail, and government sectors.

Chris Eng, Chief Research Officer at Veracode, said, “Healthcare is one of the more highly regulated sectors and is considered critical infrastructure by the government, so it’s encouraging to see the sector performs comparatively well in terms of overall flaw remediation. We hope healthcare developers and IT staff see this as a welcome ray of sunshine amidst the all-too-often gloomy realm of software security. There is still work to do, so here’s to more improvements in the years to come.”

Despite taking the top spot for fix rate, 77 percent of applications in the healthcare industry contain vulnerabilities, with 21 percent of applications containing high severity vulnerabilities. The sector also has ample room for improvement in terms of the time spent to fix flaws once they’re detected, taking up to a whopping 447 days to reach the halfway point of remediation.

Healthcare Breach Costs Are the Most Expensive

With healthcare companies incurring the highest average breach costs, at a new record high of $10.1 million*, taking proactive steps to minimize the risk of a cyberattack is imperative. Since data breaches in highly regulated industries tend to be associated with larger long-term costs that accrue over the ensuing years, the industry would benefit from even greater comprehensive efforts to address security earlier in the software development lifecycle.

Of the six industries analyzed, healthcare providers rank toward the bottom for the proportion of applications with any flaws, and second to last for the percentage of high-severity flaws—defined as those that present a serious risk to the application and organization if they were to be exploited. When it comes to the types of flaws discovered from dynamic analysis of applications in the sector, compared to other industries healthcare providers perform well for authentication issues and insecure dependencies, but have a higher incidence of cryptographic and deployment configuration issues.

Eng said, “We know that no application will ever be 100 percent free of security flaws, so it’s important that businesses take all necessary steps to minimize risk as much as possible. This includes scanning at a regular, rapid pace using multiple testing types, integrating testing tools into developer environments, and providing hands-on training to help developers understand the origin of flaws and how to fix or prevent them entirely. The healthcare sector should also take extra care to prioritize critical flaws—those vulnerabilities that could have a catastrophic impact if left unaddressed for too long.”

Andrew McCall, Vice President of Engineering, Azalea Health Innovations, said, “The biggest obstacle to building security into our workflows is that developers will treat security as just a checkbox. But security is an ongoing process and has to be top of mind throughout the software development life cycle. We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”

Third-party Library Security

Considering a sharp increase in regulations to secure the software supply chain over the past year, the report analyzed third-party libraries to identify how vulnerabilities discovered through software composition analysis (SCA) behave. Overall, around 30 percent of vulnerable libraries remain unresolved after two years; however, that statistic reduces to 25 percent for the healthcare sector. In fact, while the overall ratio of vulnerable libraries found by SCA trends down steadily over time, healthcare experienced a brief upward spike before driving rates down dramatically over the last year or so.

The Veracode State of Software Security v12 healthcare snapshot is available to download here and the full report is available here.

* IBM Security and The Ponemon Institute, “Cost of a Data Breach Report 2022”: https://www.ibm.com/downloads/cas/3R8N1DZJ, July 2022

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.

The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220922005100/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Kaneka Obtains Halal Certificate for KANEKA UBIQUINOL TM9.7.2025 03:30:00 CEST | Press release

Kaneka Corporation (Headquarters: Minato-ku, Tokyo; President: Kazuhiko Fujii) (TOKYO:4118) has obtained “Halal Certificate (Certification Number: 355-TSRI/24)” for its functional food ingredient, KANEKA UBIQUINOLTM (active form of coenzyme Q10) powder, under the assessment of Shariah Research Institute of Takushoku University, and issued by JAPAN MUSLIM ASSOCIATION, a religious corporation, on May 28. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250708279133/en/ Halal certificate Halal certification is a system in which relevant organizations verify that products or services do not contain ingredients prohibited under Shariah (Islamic law) and certify their compliance with Shariah. We actively pursue the acquisition of various certifications to ensure the safety and security of our raw materials, and we are pleased to announce that we have obtained a Halal Certificate for KANEKA UBIQUINOLTM. Currently, the Muslim populati

SiPearl: Final closing of €130m Series A with Cathay Venture (Taiwan), EIC Fund and France 20308.7.2025 17:25:00 CEST | Press release

Tape-out of Rhea1, the most complex processor ever designed in Europe which will equip JUPITER, the 1st European exascale supercomputer Largest Series A in the European fabless semiconductor industry including €32m in new funding to close Series A and prepare the launch of Series B Strengthening ties with Taiwan’s semiconductor ecosystem to complement Europe’s sovereignty in supercomputing and AI SiPearl, the company building European high-performance energy-efficient processors for supercomputing and AI has achieved the definitive closing of its €130m Series A with a third tranche of €32m. Seed funded by the European Union, SiPearl was launched in January 2020 under the auspices of the European Processor Initiative consortium which aims to foster the return of high-performance energy-efficient processor technologies in Europe. Since then, the company has fulfilled its mission by building a world-class processor team of 200 employees in France, Spain, and Italy, set up its own sovereig

LambdaTest Unveils Smart Branching and Baseline Management to Modernize Visual Testing Workflows8.7.2025 17:00:00 CEST | Press release

SmartUI now aligns visual testing with real-world development practices, eliminating baseline confusion and making visual QA effortless across teams LambdaTest, a GenAI-powered quality engineering platform, has announced the release of SmartUI’sSmart Branching and Baseline Management, a major leap forward in visual testing. This update eliminates long-standing bottlenecks caused by outdated baseline strategies and introduces an intelligent, streamlined way for development teams to manage visual testing across complex Git workflows. Modern development teams utilise feature branches, release versions, and hotfix workflows; however, most visual testing tools still rely on comparisons against the main branch, resulting in irrelevant failures and time-consuming approvals. LambdaTest’s SmartUI changes that with features purpose-built for today’s branching strategies. Smart Branch Comparison ensures visual tests are run against the correct baseline, comparing within the same feature branch in

Connectivity as Versatile as the Aircraft, Starlink High-Speed Internet Now Available for Cessna Caravan8.7.2025 16:00:00 CEST | Press release

Textron Aviation Inc., a Textron Inc. (NYSE: TXT) company, today announced an additional high-speed internet connectivity solution for the Cessna Citation Caravan following the Federal Aviation Administration’s (FAA) issuance of AeroMech’s Supplemental Type Certificate (STC) for Starlink high-speed internet connectivity. AeroMech’s STC utilizes Starlink’s constellation of Low Earth Orbit (LEO) satellites to provide more reliable connectivity over land, water and remote areas, where traditional in-flight Wi-Fi may not have service. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250708514119/en/ Textron Aviation announced an additional high-speed internet connectivity solution for the Cessna Citation Caravan following the Federal Aviation Administration’s (FAA) issuance of AeroMech’s Supplemental Type Certificate (STC) for Starlink high-speed internet connectivity. (Photo: Textron Aviation) “The Cessna Caravan is so versatile,

Rigaku Announces STAvesta, a Thermal Analyzer Tailor-made for Next-generation Material Development8.7.2025 16:00:00 CEST | Press release

Supports a wide range of users from novices to experts, serving a wide variety of needs Rigaku Corporation, a Group company of Rigaku Holdings Corporation (headquarters: Akishima, Tokyo; CEO: Jun Kawakami; hereinafter “Rigaku”) has launched worldwide sales of STAvesta, a thermal analyzer that simultaneously measures a sample’s weight and change in calorific value during heating. STAvesta responds to needs in a wide array of fields where thermal analysis is required. It is expected to find use in a wide variety of material-analysis applications for the development of advanced features and complex materials. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250708207135/en/ STAvesta FlatBlank, a Revolutionary Auto-adjustment Feature, Dramatically Reduces Workload In conventional thermal analysis, baseline adjustment must be performed by hand before measurement can begin. This process can be time-consuming and frustrating, particu

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye