MA-VERACODE
Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.
Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”
The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.
Tech Firms Are Comparatively Quick to Fix Software Security Flaws
Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.
Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”
Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.
The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.
About the State of Software Security Report
The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.
The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.
About Veracode
Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.
Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Andersen Consulting samarbejder med Mercurial Minds om at forbedre mulighederne inden for digital transformation4.7.2025 01:10:00 CEST | Pressemeddelelse
Andersen Consulting udvider sit udbud af teknologidrevne løsninger med tilføjelsen af samarbejdsfirmaet Mercurial Minds (M.M.), et konsulentfirma inden for digital transformation, AI og IT med base i Pakistan. M.M. blev grundlagt i 2013 og tilbyder en række tjenester, der er designet til at hjælpe organisationer med at udvikle sig og skalere, herunder i forbindelse med deres digitale transformationsstrategi, AI-tjenester, it-rådgivning og udvikling af robuste mobil- og webbrugeroplevelser. Firmaet leverer end-to-end-løsninger – udformning af datadrevne køreplaner, udvikling af intelligent automatisering og levering af sikre mobil- og weboplevelser, der kan skaleres – skræddersyet til virksomheder, der ønsker at forbedre sine forbindelsesmulighederne og opnå indsigter i realtid. M.M. betjener en bred vifte af brancher med fokus på finans, telekommunikation og andre dataintensive sektorer. "Dette samarbejde er en katalysator," siger Nabeel Saiyer, administrerende direktør for M.M. "Vores
Global Tourism Surging Ahead of Economic Growth, With Visits to Hit 30 Billion by 20344.7.2025 01:00:00 CEST | Press release
The World Economic Forum report, in collaboration with Kearney and the Ministry of Tourism Saudi Arabia, predicts a significant uptick in tourist trips across the globeThe tourism sector will contribute $16 trillion to global GDP (more than 11% of the global economy) by 2034, according to World Travel & Tourism Council estimates (WTTC)India and China will be responsible for more than 25% of all outbound travel by 2030 The World Economic Forum has today published a new report forecasting that the travel and tourism industry is projected to serve 30 billion tourist trips by 2034. Travel and Tourism at a Turning Point: Principles for Transformative Growth, produced in collaboration with Kearney and the Ministry of Tourism Saudi Arabia, reveals a projected $16 trillion contribution to global GDP by the same year—representing more than 11% of the total world economy, according to World Travel & Tourism Council estimates. The report also found that the sector is expanding 1.5 times faster th
The 2025-2026 World Branding Awards Animalis Edition Honouring Leading Pet and Animal Brands Globally3.7.2025 21:00:00 CEST | Press release
The 2025-2026 World Branding Awards Animalis Edition marked its fifth instalment, bringing together leading pet and animal brands from all around the world. These brands were celebrated for their outstanding achievements, earning recognition as National, Regional, and Global Winners. The awards ceremony, held at Vienna's prestigious Hofburg Palace, welcomed winners across diverse categories, including pet food, retail, wellness, pet exhibitions, and aquatic products. Mounia Berrada-Gouzi expertly hosted the evening, which culminated in a grand celebration of brand excellence. “The Animalis Edition of the World Branding Awards recognises brands that have achieved the highest distinction—genuine recognition in the hearts and minds of consumers. Tonight, we honour those whose names resonate globally, whose values inspire loyalty, and whose presence defines excellence in the pet and animal industry,” said Richard Rowles, Chairman of the World Branding Forum. Out of over 950 brands nominate
Venture Global Announces 20-Year Sales and Purchase Agreement with PETRONAS3.7.2025 14:59:00 CEST | Press release
Today, Venture Global, Inc. (NYSE: VG) announced the execution of a new 20-year Sales and Purchase Agreement (SPA) with PETRONAS LNG Ltd. (PLL), a subsidiary of the Malaysian state-owned oil and gas company, PETRONAS. Under the terms of the SPA, PETRONAS will purchase 1 million tonnes per annum (MTPA) of liquefied natural gas (LNG) from Venture Global’s third facility, CP2 LNG, for 20 years. This builds upon Venture Global’s existing agreement with PETRONAS for 1 MTPA of LNG supply from Plaquemines LNG. PETRONAS, a world-class partner in the LNG industry, joins other CP2 LNG customers in Europe, Asia and the rest of the world in a strategically important project to global energy supply and security. To date, approximately 10.75 MTPA of the 14.4 MTPA nameplate capacity for CP2 Phase One has been sold. About Venture Global Venture Global is a long-term, low-cost provider of U.S. LNG sourced from resource rich North American natural gas basins. Venture Global’s business includes assets ac
Frost & Sullivan Recognizes Novotech as 2025 Global Biotech CRO Company of the Year3.7.2025 14:05:00 CEST | Press release
In recognition of its innovation, client-focused delivery, and global impact, Novotech has been awarded the 2025 Global Biotechnology Contract Research Organization (CRO) Company of the Year by Frost & Sullivan. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250703950144/en/ Novotech Wins Global CRO Award Novotech is a globally recognized full-service clinical CRO and scientific advisory firm, trusted by biotech and small- to mid-sized pharmaceutical companies to advance their drug development programs at every phase. With a global footprint spanning Asia-Pacific, North America, and Europe, Novotech supports over 5,000 clinical trial sites and a distributed team of experts delivering seamless, end-to-end solutions across geographies. “Novotech is redefining biotech-focused clinical research through AI-driven innovation, global expansion, and a client-embedded partnership model. With a clear vision to be the CRO of choice for
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom