Report

State of Software Security Volume 9

Veracode’s State of Software Security report provides the security industry’s clearest picture of software security risk. Over the course of 12 months, we’ve scanned over 2 trillion lines of code, across 700,000 scans, to bring you metrics that represent the industry’s most comprehensive set of application security benchmarks.



What will you learn?

Our goal with Volume 9 was to delve deep into the statistics that show how long it takes for different types of vulnerabilities to get fixed, and to understand why certain risks linger for as long as they do.

To effectively do this, we partnered with the data scientists at Cyentia Institute to truly understand and tell the story around vulnerability fix behavior.


This year’s report addresses:

• How different variables impact fix velocity

• The persistence of flaws once they’ve been discovered

• Evidence that DevSecOps has the potential to be a very positive influence on the state of software security


Use this report to:

• Learn best practices to decrease the time between flaws found and flaws fixed.

• Compare policy compliance data by industry, scan frequency, vulnerability type, and more.

• See what trends are impacting software security, such as DevOps and open source components.