State of Software Security Volume 9


What Will You Learn?

Veracode’s State of Software Security report provides the security industry’s clearest picture of software security risk. Over the course of 12 months, we’ve scanned over 2 trillion lines of code - across 700,000 scans - to bring you metrics that represent the industry’s most comprehensive set of application security benchmarks.

Want a sneak peek at the data? Take a look at "Just the Charts".

Our goal with Volume 9 was to delve deep into the statistics that show how long it takes for different types of vulnerabilities to get fixed, and to understand why certain risks linger for as long as they do.

To effectively do this, we partnered with the data scientists at Cyentia Institute to truly understand and tell the story around vulnerability fix behavior.

This year’s report addresses:
  • How different variables impact fix velocity
  • The persistence of flaws once they’ve been discovered
  • Evidence that DevSecOps has the potential to be a very positive influence on the state of software security

Use this report to:
  • Learn best practices to decrease the time between flaws found and flaws fixed.
  • Compare policy compliance data by industry, scan frequency, vulnerability type, and more.
  • See what trends are impacting software security, such as DevOps and open source components.




About Veracode

Veracode is the leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Veracode serves thousands of customers worldwide across a wide range of industries. The Veracode solution has assessed more than 78 trillion lines of code and helped companies fix more than 74 million security flaws.

Learn more at, on the Veracode blog and on Twitter.

© 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.