8.12.2022 13:51:40 CET | Business Wire | Press release
Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.
Tech Firms Are Comparatively Quick to Fix Software Security Flaws
Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.
Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”
Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.
The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/
