April 24, 2012

Veracode State of Software Security Report – Feature Supplement on Public Companies

Today Veracode released a special supplement to the Veracode State of Software Security report, "Study of Software Related Cybersecurity Risks in Public Companies." This feature supplement homes in on the vulnerabilities in the software applications of publicly traded companies, following new SEC guidance issued in the US last year relating to disclosure of cybersecurity risks in company filings.

According to Chris Wysopal, CTO and Co-Founder of Veracode, "Companies can put all of the other cybersecurity controls in place but if there are application weaknesses, hackers have the will and time to find and exploit them. The issue simply cannot be neglected anymore. Over the last year some of the most prominent breaches that were carried out against the most preeminent names in business took advantage of weaknesses in software applications to infiltrate traditional perimeter defense security controls. This should be a wake-up call. Particularly in public company disclosures, the issue needs to be discussed in much more detail."

Some findings that emerged from the supplement include:

  • Public companies fare no better than companies at large on software security or developer knowledge.
  • Reliance on third-party applications is widespread, but formal risk assessments are not.
  • Many companies defining custom policy chose to measure applications against PCI.

To download the full report, click here.

Report Methodology: This report captures data collected from 126 public companies over the past 18 months from applications that were submitted to Veracode’s cloud-based application security testing platform. These applications include both internally developed applications and those procured from third-party vendors. Earlier this year, Veracode released the State of Software Security Report Volume 4, which analyzed data from 9,910 application builds. You can access this report here.

Niru Raghavan joined the Veracode team in late 2011 as an Acquisition Marketing Manager. In this role, Niru is responsible for demand generation and program management primarily for online marketing programs. Prior to joining Veracode, Niru held positions of increasing responsibility at Liberty Mutual and Staples, successfully planning and implementing sophisticated online and offline marketing initiatives. She has managed product development efforts, launch activities and online marketing programs geared toward mid- to large-sized businesses in select vertical markets. Her specialties include product marketing, marketing strategy, and market research/analysis. She is also a keen web analytics enthusiast, and Occam’s Razor by Avinash Kaushik is her all-time favorite blog.
