Business Wire

MA-VERACODE

8.12.2022 13:51:40 CET | Business Wire | Press release

Share
Veracode Research Finds a Quarter of Technology Applications Contain ‘High Severity’ Security Flaws, Which Pose a Serious Cybersecurity Risk If Exploited

Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.

Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”

The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.

Tech Firms Are Comparatively Quick to Fix Software Security Flaws

Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.

Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”

Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.

The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.

The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Venture Global and Tokyo Gas Announce 20-Year LNG Sales and Purchase Agreement26.11.2025 01:00:00 CET | Press release

Venture Global’s fourth long-term contract with a Japanese company7.75 MTPA of long-term contracts signed by Venture Global to date in 2025 Today, Venture Global, Inc. (NYSE: VG) and Tokyo Gas Co., Ltd announced the execution of a new, long-term liquefied natural gas (LNG) Sales and Purchase Agreement (SPA). Under the SPA, Tokyo Gas will procure 1 million tonnes per annum (MTPA) of LNG from Venture Global for 20 years, starting in 2030. This deal marks 7.75MTPA of SPAs signed by Venture Global in the last six months. “With nearly 8 MTPA of new long-term commitments signed this year, Venture Global is pleased to build on our commercial momentum through this new partnership with Tokyo Gas,” said Venture Global CEO Mike Sabel. “Tokyo Gas is a pioneer in the LNG industry and leading provider of natural gas to Japan, and we look forward to working with them as we grow our position as a top LNG supplier to Japan. This agreement will contribute significantly to the US-Japan balance of trade o

Airship Study: No-Code Native App Experiences Double Purchase Frequency (+140%), Offering Path to Profitable Holiday Growth26.11.2025 00:08:00 CET | Press release

New research quantifies the massive conversion lift from optimizing native app and web experiences, providing a critical no-code path for retailers to drive profitability Mobile-first customer experience company Airship today released new aggregate data analysis findings showing that no-code native app experiences significantly increase conversion for key lifecycle events and more than double purchase frequency. The Airship "Experience Impact” research, which studied over 1,000 in-app retail experiences and 1.7 billion device sessions, quantifies the impact of optimizing end-to-end customer journeys—not just sending messages—using no-code and AI-powered tools to drive loyalty and retention at scale, leading to sustainable profitability in a volatile economic environment. Key Findings Customers exposed to high-impact no-code native app experiences such as optimized onboarding flows, dynamic surveys, or embedded personalized offers, purchase 140% more frequently than app customers who do

Court Finds That Two Advanced Cell Diagnostics Patents Are Not Infringed by Molecular Instruments’ Proprietary HCR™ RNA-ISH Technology25.11.2025 17:30:00 CET | Press release

Molecular Instruments, Inc. announced today that the Unified Patent Court (UPC) of the European Union has found that Molecular Instruments’ HCR™ RNA-ISH technology does not infringe two patents owned by Advanced Cell Diagnostics, Inc. (a Bio-Techne group company). In a 2024 lawsuit filed in the UPC (proceedings no. UPC CFI 187/2024), Advanced Cell Diagnostics alleged that Molecular Instruments’ HCR™ RNA-ISH technology infringes European patents (EP) 2,500,439 and 1,910,572. The Court in its judgment of 18 November 2025 has rejected that claim and dismissed all of Advanced Cell Diagnostics' lawsuit, ruling that the patents are not infringed either literally or by equivalence (UPC Judgment). This 2025 UPC judgment follows on the heels of an April 2024 UK judgment in which the High Court of England and Wales had already dismissed an earlier infringement lawsuit by revoking the UK parts of the same two Advanced Cell Diagnostics patents (proceedings no. HP-2022-000026), ruling that they wer

Pure Lithium Receives Saudi Patent for Vertically Integrated Lithium Metal Battery Technology25.11.2025 14:20:00 CET | Press release

Pure Lithium Corporation, a disruptive lithium metal battery technology company, is pleased to announce that the Kingdom of Saudi Arabia has granted the company a foundational patent titled “Vertically Integrated Pure Lithium Metal Production and Lithium Battery Production.” This broad patent covers technology that combines lithium extraction, anode production and battery manufacturing. Pure Lithium’s Brine to Battery™ is a registered trademark in the Kingdom of Saudi Arabia, planting a strong base of intellectual property in the region. “The technology is particularly relevant to Saudi Arabia because it is one of the places in the world with lithium-containing brines, and even has an abundance of vanadium, which is used in our second-generation battery,” said Founder, Chairman and CEO Emilie Bodoin. “In order to displace today’s lithium-ion battery, our vision is to create global battery hubs with closed loop supply chains, not just in the U.S., but in the many places in the world whe

‘BLUE LOCK - TOKYO EGOIST -’ kicks off on Saturday, November 2225.11.2025 14:07:00 CET | Press release

“BLUE LOCK” voice actors Kazuki Ura and Hiroshi Kamiya were also blown away by the spectacle! A countdown to the new release was held together with over 2,000 fans gathered at the Tokyo Metropolitan Government Plaza. In its efforts to promote nighttime tourism, the Tokyo Metropolitan Government is developing new attractions that illuminate the capital after dark. As part of this initiative, projection mapping is being presented year-round on the iconic Tokyo Metropolitan Government Building No. 1, transforming its façade into a canvas of light and sound. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251121922505/en/ ©Muneyuki Kaneshiro, Yusuke Nomura, KODANSHA/BLUE LOCK Production Committee. A brand-new production inspired by the internationally popular soccer anime“BLUE LOCK”, titled BLUE LOCK – TOKYO EGOIST –, began screening on Saturday, November 22. On the first day of the screening, a mini-event was held at the Tokyo M

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye