January 15, 2013

Global Enterprises Serve Up Risky S.O.U.P. Infographic

Software of Unknown Pedigree: SOUP. Once an industry buzzword around safety-involved or critical systems such as medical software, the term deserves resurrection. Mid-size businesses and enterprises rely on more third-party software than ever for business-critical functions. Technology increasingly embeds itself in every area of our daily lives, a trend that shows no sign of slowing and feels inevitable. The number of safety-involved and critical systems that run on software is increasing in parallel. From Near Field Communication technology to utilities, the growing landscape of software means one thing to hackers: opportunity. SOUP doesn't just deserve resurrection; it deserves focus. There's a reason identity theft is so commonplace that there's a movie being made about it. If your company stores sensitive customer data or controls any type of safety-critical software (and the list of companies that do is growing rapidly), you need to focus on software security. That focus should cover not only the software you produce, but also the software you resell, the software you package and put in front of customers, and the software you purchase to operate your business-critical functions. Software security needs more focus, and it needs widespread awareness.

Global Enterprises Serve Up Risky S.O.U.P.


Infographic by Veracode Application Security



The Use of Vendor-Supplied Software is Growing

Breakdown of Software Procurement in a Global Enterprise

  • 44% - Off the Shelf Vendors (COTS)
  • 28% - Outsourced Development
  • 15% - On-Demand (SaaS) Providers
  • 15% - Open Source Code
  • 7% - Mobile Apps Development

84% of enterprises did not test vendor-supplied applications



Why it's Important to Inspect S.O.U.P.

82% of enterprise auditors are asking whether vendor-supplied software is secure

Some ingredients of S.O.U.P. may be harmful to your enterprise

Type of Vendor-Supplied Software   Inspection Failure Rate   Possible Enterprise Side Effects
Customer Support Applications      80%                       Customer data loss
Security Applications              76%                       Gaps in enterprise security defenses against attackers
Business and IT Operations         72%                       Corporate IP theft or malicious process manipulation
Financial Applications             59%                       Increased fraud or financial data loss



No S.O.U.P. For You!

Enterprises from many industries are saying no to S.O.U.P. and inspecting vendor-supplied applications:

  • 21% - Financial Services
  • 14% - Software and IT Services
  • 14% - Technology
  • 6% - Telecommunications
  • 5% - Healthcare
  • 3% - Business Services
  • 3% - Entertainment and Media



Recipe Card for a Programmatic Approach to Vendor Software Security Testing

  1. Prep Time - 3 Months
  2. Test Time - 1-4 Weeks (use SaaS provider to compress testing time)
  3. Remediation Time - Weeks to Months
  4. Serves all Vendor Applications




  1. Determine the application security state of your current vendor management program and clarify the corporate mandate and goals for your new program
  2. Define your security policy, including acceptance criteria, exception criteria, escalation process, non-acceptable flaw types, testing methodologies, etc.
  3. Set realistic timelines for vendors to meet your new policy
  4. Communicate your new policy to your vendors and be prepared to address common vendor concerns
  5. Empower your security analysis team to proactively work with your vendors



Benefits of the Programmatic Approach

                                                                                      No Formal Program   A Programmatic Approach
Average Number of Vendors Participating                                               4                   38 (approx. 10% more)
Average Number of Applications Assessed                                               7                   71
Percent of Applications Achieving Compliance                                          34%                 52%
Percent of Applications Achieving Compliance                                          28%                 45%
Percent of Non-Compliant Applications that are Out of Compliance for More than Six Months   39%           20%


Neil is a Marketing Technologist working on the Content and Corporate teams at Veracode. He currently focuses on Developer Awareness through strategic content creation. In his spare time you'll find him doting over his lovely wife and daughter. He is a Co-Owner of CrossFit Amoskeag in Bedford NH, his favorite topic is artificial intelligence, and his favorite food is pepperoni pizza.
