Business Wire

MA-VERACODE

Share
Veracode Research Finds a Quarter of Technology Applications Contain ‘High Severity’ Security Flaws, Which Pose a Serious Cybersecurity Risk If Exploited

Veracode, a leading global provider of modern application security testing solutions, today revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk—meaning they would cause a critical issue for the application if exploited. With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and practices for their development teams.

Chief Research Officer at Veracode, Chris Eng, said, “Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training.”

The data was published in Veracode’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the technology, retail, manufacturing, healthcare, financial services, and government sectors. Overall, the technology industry was revealed to have the second-highest proportion of applications that contain security flaws, at 79 percent, making it marginally better than the public sector at 82 percent. The tech sector lands in the middle of the pack when it comes to the proportion of flaws that are fixed.

Tech Firms Are Comparatively Quick to Fix Software Security Flaws

Encouragingly, when tech firms do discover flaws in their applications, they are comparatively fast to reach the halfway point of remediation. In fact, the sector boasts industry-leading fix times for flaws discovered by static analysis security testing (SAST) and software composition analysis (SCA). While this is a laudable accomplishment, the industry still takes up to 363 days to fix 50 percent of flaws, suggesting there is still ample room for improvement.

Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus. To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”

Server configuration, insecure dependencies, and information leakage are the most common types of flaws discovered by dynamic analysis of technology applications, which broadly follows a similar pattern to other industries. Conversely, the sector exhibits the highest disparity from the industry average for cryptographic issues and information leakage, perhaps indicating that developers in the tech industry are more savvy on data protection challenges.

The Veracode State of Software Security v12 technology snapshot is available to download here and the full report is available here.

About the State of Software Security Report

The Veracode State of Software Security (SoSS) v12 analyzed the full historical data from Veracode services and customers. This accounts for a total of more than half a million applications (592,720) that used all scan types, more than a million dynamic analysis scans (1,034,855), more than five million static analysis scans (5,137,882) and more than 18 million software composition analysis scans (18,473,203). All those scans produced 42 million raw static findings, 3.5 million raw dynamic findings, and six million raw SCA findings.

The data represents large and small companies, commercial software suppliers, software outsourcers, and open-source projects. In most analyses, an application was counted only once, even if it was submitted multiple times as vulnerabilities were remediated, and new versions uploaded.

About Veracode

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode blog, on LinkedIn, and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20221208005101/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

The Coca-Cola Company Names New Leader for Europe Operating Unit18.7.2025 21:00:00 CEST | Press release

The Coca-Cola Company today announced that Luisa Ortega will become president of the Europe operating unit effective Sept. 1, succeeding Nikos Koumettis, who will retire in 2026 after a 25-year career with the company. Koumettis will remain with the company through Feb. 28, 2026, as a senior advisor. He will also serve on the board of directors of Hindustan Coca-Cola Beverages Pvt. Ltd., a company-owned bottler in India. Ortega joined Coca-Cola in 2019 and currently serves as president of the Africa operating unit. In this role, she leads a complex business that operates across 54 markets. Koumettis has led the Europe operating unit since it was created in 2021. “Luisa has done an outstanding job leading our African business, where our system has continued to make major investments to serve growing markets on the continent,” said Henrique Braun, Executive Vice President and Chief Operating Officer of The Coca-Cola Company. “As head of Europe, she will bring great international experien

NFL Running Back Derrick Henry Joins Amazfit as Athlete Ambassador18.7.2025 15:00:00 CEST | Press release

Henry to utilize Amazfit products to optimize health, recovery and performance as he enters his 10th NFL season Amazfit, a leading global smart wearables brand owned by Zepp Health (NYSE: ZEPP), announced Baltimore Ravens running back Derrick Henry as the newest elite athlete to join its growing roster of ambassadors. Known for his rare combination of speed and strength, Henry will utilize Amazfit wearables to power every phase of his training, recovery and sleep as he prepares for his 10th NFL season. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250718322498/en/ Derrick Henry is the newest elite athlete to join Amazfit's growing roster of ambassadors. As one of the most prolific running backs of his generation, Henry has amassed an impressive array of accolades during his career, including NFL Offensive Player of the Year, two rushing titles, and five Pro Bowl selections. With Amazfit as his official smart wearable partne

Qualcomm Announces Quarterly Cash Dividend18.7.2025 15:00:00 CEST | Press release

Qualcomm Incorporated (NASDAQ: QCOM) today announced a quarterly cash dividend of $0.89 per common share, payable on September 25, 2025, to stockholders of record at the close of business on September 4, 2025. About Qualcomm Qualcomm relentlessly innovates to deliver intelligent computing everywhere, helping the world tackle some of its most important challenges. Building on our 40 years of technology leadership in creating era-defining breakthroughs, we deliver a broad portfolio of solutions built with our leading-edge AI, high-performance, low-power computing, and unrivaled connectivity. Our Snapdragon® platforms power extraordinary consumer experiences, and our Qualcomm Dragonwing™ products empower businesses and industries to scale to new heights. Together with our ecosystem partners, we enable next-generation digital transformation to enrich lives, improve businesses, and advance societies. At Qualcomm, we are engineering human progress. Qualcomm Incorporated includes our licensin

MultiBank Group Confirms $MBG Token Listings on MEXC and Gate.io on TGE Day in Addition to MultiBank.io and Uniswap18.7.2025 14:34:00 CEST | Press release

MultiBank Group, the world’s largest & most regulated financial derivatives institution, is proud to announce that its highly anticipated $MBG Token will be listed on two new major global cryptocurrency exchanges — MEXC and Gate.io — on the day of its official Token Generation Event (TGE), July 22, 2025, in addition to MultiBank.io and Uniswap. The $MBG Token will go live on: MultiBank.ioGate.ioMEXCUniswap This new dual listing will allow millions of users across both exchanges to seamlessly access and trade $MBG using their existing accounts, ensuring immediate market participation at launch. The Token Generation Event (TGE) is now approaching following the successful completion of two pre-sale rounds, where MultiBank Group issued 7 million tokens in Round 1 and 3 million tokens in Round 2 — both of which sold out within minutes. Naser Taher, Chairman and Founder of MultiBank Group said “With $MBG, we’re introducing a utility token built to deliver real-world value, transparency, and

SLB Announces Second-Quarter 2025 Results18.7.2025 12:50:00 CEST | Press release

Revenue of $8.55 billion increased 1% sequentially and decreased 6% year on year GAAP EPS of $0.74 increased 28% sequentially and decreased 4% year on year EPS, excluding charges and credits, of $0.74 increased 3% sequentially and decreased 13% year on year Net income attributable to SLB of $1.01 billion increased 27% sequentially and decreased 9% year on year Adjusted EBITDA of $2.05 billion increased 2% sequentially and decreased 10% year on year Cash flow from operations was $1.14 billion and free cash flow was $622 million Board approved quarterly cash dividend of $0.285 per share SLB (NYSE: SLB) today announced results for the second-quarter 2025. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250716727689/en/ The exterior of the SLB headquarters in Houston, Texas. Second-Quarter Results(Stated in millions, except per share amounts)Three Months EndedChangeJun. 30, 2025Mar. 31, 2025Jun. 30, 2024SequentialYear-on-yearReve

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye