State of Software Security Volume 10

dummy report

For the past decade, Veracode’s State of Software Security report has provided the security industry’s clearest picture of software security risk. For Volume 10, we analyzed the data collected from 1.4 million scans, 85,000 applications, and nearly 10 million security findings. The resulting metrics represent the industry’s most comprehensive set of application security benchmarks.

Read the report to gain valuable perspective on the state of software security today and find more strategies for improving your software security.

What will you learn?

Volume 10 of the SOSS revisits the concept of flaw persistence analysis we introduced in Volume 9, but hones in on the accumulating security debt in applications caused by those persistent flaws and long fix timeframes. Take a look at SOSS X, where you’ll get:
  • SOSS “Then vs. Now” comparisons
  • The overall state of software security today, including flaw prevalence, fix rates, the frequency of application testing, and more
  • An understanding of what security debt is, and what factors contribute to it
  • A look at the data broken down by industry and region
Use this report to:
  • Learn best practices to decrease the time between flaws found and flaws fixed, and to avoid increasing security debt.
  • Compare policy compliance data by industry, scan frequency, vulnerability type, and more.
  • See what trends are impacting software security, such as DevOps and scanning cadence.



Questions? Contact Us | 1-888-937-0329

About Veracode

Veracode is the leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Veracode serves thousands of customers worldwide across a wide range of industries. The Veracode solution has assessed more than 78 trillion lines of code and helped companies fix more than 74 million security flaws.

Learn more at, on the Veracode blog and on Twitter.

© 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.