Veracode 2025 Year in Review: Scaling Security for a New Era

This year, the cybersecurity landscape shifted. Between the rapid adoption of AI-generated code and the increasing complexity of software supply chains, security teams faced unprecedented challenges. According to IBM’s annual Cost of a Data Breach Report, the global average cost of a data breach in 2025 was USD 4.44 million. Organizations needed more than just tools; they needed a partner capable of moving at the speed of modern development.

At Veracode, we met this moment with precision and scale. We spent 2025 expanding our platform, publishing critical research, and helping our customers fix flaws faster than ever before. As we close the year, we are looking back at the data, the innovations, and the recognition that defined our work over the last 12 months.

Security by the Numbers

In 2025, the volume of software being produced skyrocketed. Our platform activity reflects this massive surge in development. We did not just identify risks; we empowered teams to remediate them.

Here is what we achieved together this year:

• 420 Trillion Lines of Code Scanned: We analyzed a record-breaking volume of code, ensuring visibility across diverse environments.
• 204 Million Flaws Found: Our detection engines worked tirelessly to uncover vulnerabilities before threat actors could exploit them.
• 131 Million Flaws Fixed: This is the most important metric. You acted on the data, closing the door on millions of potential entry points.

These numbers demonstrate a shift in the industry. Teams are no longer just scanning for compliance; they are actively reducing technical debt and building security into the DNA of their software.

Innovation: Defending the Supply Chain

Attackers continued to target the software supply chain in 2025. To counter this, we focused our product development, acquisition and technology partnership efforts on giving you better control over what enters your codebase.

In May, we launched External Attack Surface Management (EASM). You cannot secure what you cannot see. Our EASM capabilities now provide a continuous outside-in view of your digital footprint, identifying exposed assets that traditional scans might miss.

In June, we introduced Malicious Package Detection via Veracode Package Firewall. These tools allow developers to use open-source libraries with confidence, automatically blocking compromised components before they jeopardize the build.

Industry Recognition and Awards

Our commitment to excellence garnered significant attention this year. We are proud to be recognized by both the customers who use our platform daily and the analysts who study the market.

Customer and Press Accolades

We received the TrustRadius Top Rated 2025 and Buyers Choice 2025 awards. These honors mean the most because they come directly from user feedback.

In the press, we cemented our status as industry leaders:

• The CRN Security 100: Named one of the “20 Coolest Web, Email and Application Security Companies Of 2025”
• Newsweek: America’s Best Cybersecurity Companies
• CyberScoop 50: Chris Wysopal, Veracode’s Co-founder & Chief Security Evangelist, was honored for his visionary leadership in the field

Analyst Validation

Major firms continued to validate our market position. We were named a leader in key reports that guide purchasing decisions globally, including the IDC MarketScape, the Forrester SAST Wave, and the Gartner Magic Quadrant (MQ).

Leading the Conversation on AI and Risk

2025 was the year AI reshaped coding faster than ever. We led the conversation on the risks and rewards of this technology.

Our inaugural 2025 GenAI Code Security Report and the 2025 State of Software Security (SoSS) Report provided the data-backed insights organizations needed to navigate this transition. We proved that while AI increases speed, it requires rigorous oversight.

Top-tier media outlets turned to Veracode for expertise on these emerging threats:

• Forbes highlighted our analysis on how OpenAI’s new models are impacting code security
• ISMG featured our insights on the question: “When AI Writes Code, Who Fixes the Flaws?”
• Dark Reading covered some of our findings from the 2025 GenAI Security Report
• TechStrong TV hosted Chris Wysopal to discuss the 2025 SoSS Report

We also drove discussions on broader business impact, with coverage in the CRN CEO Outlook, SC Media’s coverage of our acquisition of Phylum technology (Package Firewall), and most recently, a CNBC documentary that underscores how Veracode redefines application risk management, enabling secure innovation at speed.

Looking Ahead to 2026

The achievements of 2025 set a strong foundation, but security never sleeps. As we move into the new year, our mission remains clear: to build the most comprehensive, integrated, and efficient application security platform in the world.