Cyentia Cybersecurity Research Library

Veracode

Below you will find reports with the source of “Veracode”


2024 State of Software Security Report

This report represents organizations that are proactively integrating tools like Veracode into their AppSec programs. Organizations without scanning integrated into their development processes will likely have a higher prevalence of security flaws than shown here. The results do show a steady downward trend over the last eight years. We’re particularly encouraged to see that the prevalence of high-severity flaws has dropped to half of what it was back in 2016.

Added: May 2, 2024

State of Software Security v12

This report looks at the entire history of active applications, not just the activity associated with the application over one year. By doing so, we can view the full life cycle of applications, which results in more accurate metrics and observations. Aside from looking at the past, this report also imagines the future by considering practices that might help improve application security.

Added: February 10, 2022

State of Software Security v11: Open Source Edition

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely.

Added: June 22, 2021

State of Software Security: Volume 11

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

Added: October 27, 2020

State of Software Security: Open Source Edition

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem.

Added: May 19, 2020

Exploring Coordinated Disclosure: Shedding Light on Perceptions and Experience in How Software Vulnerabilities are Reported

Veracode commissioned this survey from 451 Research to understand how widely accepted and practiced coordinated disclosure – whereby a security researcher identifies a flaw and notifies the company, then the two work together to fix and publicly disclose the flaw – really is and where the pain points reside. In addition, we wanted to explore the means organizations have established to receive vulnerability reports, and the attitudes toward a coordinated disclosure policy on both sides of the organization and among external security researchers. We also sought a deeper understanding of the motivations of security researchers, actions when a vulnerability is identified, timing for disclosure, desired outcomes, how organizations structure disclosure policies, and the effectiveness of bug bounties.

Added: February 12, 2020

State of Software Security Volume 10

This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.

Added: November 25, 2019

State Of Software Security Volume 9

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). One thing we’ve always wanted to understand better, though, is how quickly these organizations are actually fixing flaws once they’ve been identified in application security scans. This year, we turned our data analysis up a notch by working with the data scientists at Cyentia Institute, so that we could gain better visibility into the factors that go into fixing flaws. Readers will find valuable insight on how factors like flaw severity, business criticality of applications, and exploitability of the flaws change the rate at which certain vulnerabilities are fixed.”

Added: November 4, 2018

State of Software Security Volume 7

Veracode’s intention is to provide security practitioners with tangible AppSec benchmarks against which to measure their own programs. They’ve sliced and diced the numbers to offer a range of perspectives on the risk of applications throughout the entire software lifecycle. This includes statistics on policy pass rates against security standards, the statistical mix of common vulnerability types found in applications, flaw density and average fix rate.

Added: October 18, 2018

Cyber Security in the Boardroom

NYSE Governance Services, in partnership with Veracode, surveyed nearly 200 directors of public companies representing a variety of industries—including financial services, technology, and health care—to discover how they view cybersecurity in the boardroom. Their goal was to gain insight into how cybersecurity is being understood, prioritized, and addressed at the board level.

Added: October 17, 2018

State of Software Security Volume 8

In this, the eighth volume of this report, they present metrics that are based on real application risk postures, drawn from code-level analysis of nearly 250 billion lines of code across 400,000 assessments performed over a period of 12 months between April 1, 2016 and March 31, 2017.

Added: October 16, 2018

Achieving A Competitive Advantage Through Application Security

This paper provides 5 key takeaways from a survey of IT professionals and executives who make software purchasing decisions for their organization.

Added: October 15, 2018
© Cyentia Institute 2025
Library updated: July 2, 2025 00:08 UTC (build b1d7be4)