The 2019 Veracode State of Software Security represents the 10th version of the report. Much like the application security industry, the report has evolved over the past 10 years to focus more on fix trends than on finding security defects. Like previous reports, SOSS volume 10 provides insights into the most common types of vulnerabilities, practices that lead to improved fix rates, and industry performance. The report found that the majority of flaws are remediated (56%) and that companies scanning more often carry about 5X less security debt than the lightest scanners. Why? Because these teams have automated security testing, have made security activities habitual, ensure that security issues stay top of mind, and end up fixing more flaws – suggesting DevSecOps practices improve overall software security.
Read the report to gain valuable perspective on the state of software security today.
The speed at which organizations fix the flaws they discover in their code is directly tied to the level of risk their applications carry. The faster organizations close vulnerabilities, the less risk their software poses over time. But the sheer volume of open flaws within applications means that your development teams need effective ways to prioritize which flaws they fix first. Left unaddressed, those open flaws accumulate as security debt. We find that companies that combine integrating security into the development process with a dedicated program for paying down security debt are the most successful at reducing their overall risk.
Veracode vulnerability remediation consulting can help your organization put together an efficient remediation plan to eliminate application vulnerabilities.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.
*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.