Study of Software Related Cybersecurity Risks in Public Companies

Veracode has been publishing a semi-annual State of Software Security (SOSS) report since 2010. Over time we have received significant interest in our findings and numerous requests to investigate the dataset from many different perspectives that may not be routinely covered in our semi-annual reports.


To satisfy the curiosity of our readers and to allow us to extend our investigation to topical areas, we are moving to a new reporting format in 2012. This year we are publishing shorter feature supplements, each designed to address a particular, focused topic, and releasing the full SOSS report only once a year. This report is the first feature supplement for 2012.


The focus area of this report is vulnerabilities in the software applications of publicly traded companies. These applications comprise both those developed internally by these public companies and those procured from third parties, such as commercial off-the-shelf applications, outsourced or open source applications, and software-as-a-service.