State of Software Security Report
Volume 3

The State of Software Security is a semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode’s cloud-based application risk management services platform.

Download the Report



This volume captures data collected over the past 18 months from the analysis of 4,835 applications on our cloud platform (compared to 2,922 in Volume 2 published in September 2010). This reflects the growing use of independent, cloud-based application security testing services. As before, the report first examines the security quality of applications by supplier type in the software supply chain and then explores application security by language, industry, and application type.


About the profiles, trends, and the State of Software Security from real data from Veracode’s customers. New in Volume 3 are sections on Remediation Analysis, Developer Training and Education, and a deep dive on the Software industry.

Questions? 1-888-937-0329 |

Veracode’s cloud-based service is a simpler and more scalable way to reduce application-layer risk across your entire global software infrastructure — including web, mobile and third-party applications — without hiring more consultants or installing more servers and tools. With Veracode's smart approach to application security, you can drive your innovations to market faster — without sacrificing security in the process.