Today CA Veracode released a special supplement to the CA Veracode State of Software Security report, "Study of Software Related Cybersecurity Risks in Public Companies." This feature supplement homes in on the vulnerabilities in the software applications of publicly traded companies, following new SEC guidance issued in the US last year on disclosing cybersecurity risks in company filings.

According to Chris Wysopal, CTO and Co-Founder of CA Veracode, "Companies can put all of the other cybersecurity controls in place but if there are application weaknesses, hackers have the will and time to find and exploit them. The issue simply cannot be neglected anymore. Over the last year some of the most prominent breaches that were carried out against the most preeminent names in business took advantage of weaknesses in software applications to infiltrate traditional perimeter defense security controls. This should be a wake-up call. Particularly in public company disclosures, the issue needs to be discussed in much more detail."

Some findings that emerged from the supplement include:
To download the full report, click here.

Report Methodology: This report captures data collected from 126 public companies over the past 18 months from applications that were submitted to CA Veracode's cloud-based application security testing platform. These applications include both internally developed applications and those procured from third-party vendors. Earlier this year, CA Veracode released the State of Software Security Report Volume 4, which analyzed data from 9,910 application builds. You can access this report here.