Veracode’s latest “State of Software Security” is no mere survey report. The metrics presented here are based on real application risk postures, drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the past 18 months.
What You Will Learn: Veracode's intention is to provide security practitioners with tangible AppSec benchmarks against which to measure their own programs. Following up on last year’s report, which focused heavily on benchmarks based on industry vertical performance, this year’s report offers valuable updates as well as takes a closer look at remediation analysis statistics and third-party component vulnerabilities across all industries.
It answers such key questions as:
What are the 10 most common vulnerability categories?
What percentage of vulnerabilities do my peers remediate?
How much impact do my remediation efforts have?
How does my fix rate compare to my industry peers? What does good look like?
How does my fix rate compare to my industry peers? What does good look like?
