Report

State of Software Security Volume 9

Terrified by the presence of application flaws? You should be. Over 85% of apps have at least one vulnerability. See why, and what DevSecOps unicorns are doing to fix these flaws nearly 12 times faster. This go-to report, a product of more than 2 trillion lines of scanned code, provides valuable insight on the future of AppSec.



The fear ends here.

With Veracode, flaws have no place to hide. This in-depth report presents statistics showing how long different types of vulnerabilities take to get fixed, and helps explain why certain risks lurk for as long as they do.

To do this effectively, we partnered with the data scientists at Cyentia Institute to truly understand and tell the story around vulnerability fix behavior.


This year’s report addresses:

• How different variables impact fix velocity

• The persistence of flaws once they’ve been discovered

• The evidence that DevSecOps has the potential to be a very positive influence on the state of software security


Use this report to:

• Learn best practices to decrease the time between flaws found and flaws fixed.

• Compare policy compliance data by industry, scan frequency, vulnerability type, and more.

• See what trends are impacting software security, such as DevOps and open source components.