
"Security debt as 'known vulnerabilities left unresolved for more than a year' now affects 82 percent of companies, up from 74 percent a year ago. High-risk vulnerabilities, meaning flaws that are both severe and likely to be exploited, have risen from 8.3 percent to 11.3 percent."
"There is an accelerating pace of software releases causing new code to be added more quickly than existing vulnerabilities are addressed. The researchers see growing technical complexity too, attributed to more AI-generated code, which makes remediation more difficult."
"The number of apps with open source vulnerabilities has reduced from 70 percent to 62 percent, and the overall 'flaw prevalence' is down from 80 percent to 78 percent, suggesting some positive progress in vulnerability management."
Veracode's annual State of Software Security report analyzed 1.6 million applications and found that security debt (known vulnerabilities left unresolved for more than a year) now affects 82% of organizations, up from 74% a year earlier. The share of high-risk vulnerabilities (flaws that are both severe and likely to be exploited) rose from 8.3% to 11.3%. The report attributes this to release cycles that add new code faster than existing flaws are fixed, and to growing technical complexity from AI-generated code, which makes remediation harder. Some measures improved: the proportion of applications with open source vulnerabilities fell from 70% to 62%, and overall flaw prevalence dropped from 80% to 78%. One caveat when reading the rising debt figures: wider adoption of testing tools surfaces more vulnerabilities, so part of the increase may reflect better detection rather than worse code.
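The two definitions the report rests on, "security debt" (an open finding older than a year) and "high-risk" (severe and likely to be exploited), are easy to turn into a repeatable metric over your own scanner output. The script below is an added example, not Veracode's code or methodology: it classifies a constructed set of SAST and SCA findings, computes the four report-style fractions (debt-affected apps, high-risk share of open findings, apps with open source flaws, overall flaw prevalence), and orders a remediation queue so exploitable debt reaches the top. The severity labels, the EPSS-style exploitability threshold of 0.10, the finding identifiers and the fixed reference date are all assumptions chosen for the example.

```python
"""Report-style vulnerability-management metrics over a findings list.

Added example; not Veracode's code. Thresholds, labels and sample data are assumed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List, Optional, Sequence

SECURITY_DEBT_AGE_DAYS = 365            # report definition: open for more than a year
HIGH_SEVERITIES = {"critical", "high"}   # assumed labels that count as "severe"
EXPLOIT_LIKELY_THRESHOLD = 0.10          # assumed EPSS-style probability treated as "likely to be exploited"
REFERENCE_DATE = date(2025, 3, 1)        # fixed "today" so the sample numbers are reproducible


@dataclass(frozen=True)
class Finding:
    app: str
    finding_id: str
    severity: str               # "critical" | "high" | "medium" | "low"
    exploit_probability: float  # 0.0..1.0, e.g. an EPSS score
    first_seen: date
    source: str                 # "sast" (first-party code) or "sca" (open source dependency)
    resolved: Optional[date] = None


def is_open(f: Finding, today: date) -> bool:
    return f.resolved is None or f.resolved > today


def age_days(f: Finding, today: date) -> int:
    return (today - f.first_seen).days


def is_security_debt(f: Finding, today: date) -> bool:
    """Open and older than the one-year cutoff."""
    return is_open(f, today) and age_days(f, today) > SECURITY_DEBT_AGE_DAYS


def is_high_risk(f: Finding) -> bool:
    """Severe AND likely to be exploited; severity alone does not qualify."""
    return f.severity in HIGH_SEVERITIES and f.exploit_probability >= EXPLOIT_LIKELY_THRESHOLD


def debt_report(apps: Sequence[str], findings: Sequence[Finding],
                today: date = REFERENCE_DATE) -> Dict[str, float]:
    """Fractions in the same shape as the report's headline numbers."""
    open_f = [f for f in findings if is_open(f, today)]

    def apps_where(pred: Callable[[Finding], bool]) -> set:
        return {f.app for f in open_f if pred(f)}

    n_apps = len(apps)
    return {
        "security_debt_app_fraction": len(apps_where(lambda f: is_security_debt(f, today))) / n_apps,
        "high_risk_finding_fraction": (sum(is_high_risk(f) for f in open_f) / len(open_f)) if open_f else 0.0,
        "open_source_app_fraction": len(apps_where(lambda f: f.source == "sca")) / n_apps,
        "flaw_prevalence": len(apps_where(lambda f: True)) / n_apps,
    }


def remediation_queue(findings: Sequence[Finding], today: date = REFERENCE_DATE) -> List[str]:
    """High-risk findings first, then oldest first, so exploitable debt is fixed before fresh low-risk noise."""
    open_f = [f for f in findings if is_open(f, today)]
    return [f.finding_id for f in sorted(open_f, key=lambda f: (not is_high_risk(f), -age_days(f, today)))]


# Constructed sample inventory: four apps, one of them ("reports") with no findings at all.
SAMPLE_APPS = ["billing", "portal", "auth", "reports"]
SAMPLE_FINDINGS = [
    Finding("billing", "DEP-libexample-1.2", "critical", 0.42, date(2023, 11, 10), "sca"),       # debt + high-risk
    Finding("billing", "CWE-79-template", "medium", 0.02, date(2024, 12, 1), "sast"),            # neither
    Finding("portal", "DEP-oldparser-0.9", "high", 0.05, date(2024, 1, 15), "sca", date(2024, 2, 1)),  # resolved
    Finding("portal", "CWE-89-search", "high", 0.30, date(2025, 1, 20), "sast"),                 # high-risk, new
    Finding("auth", "CWE-287-session", "high", 0.01, date(2023, 6, 1), "sast"),                  # debt, unlikely exploited
]

if __name__ == "__main__":
    for k, v in debt_report(SAMPLE_APPS, SAMPLE_FINDINGS).items():
        print(f"{k:>28}: {v:.0%}")
    print("fix next:", remediation_queue(SAMPLE_FINDINGS))
```

Two things worth noticing in the output: a high-severity finding with a low exploitation probability ("CWE-287-session") counts as debt but not as high-risk, which is exactly the distinction the report draws, and a closed finding drops out of every metric, so the same script run over next quarter's export shows whether remediation or merely wider scanning moved the numbers.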
#security-debt #vulnerability-management #ai-generated-code #software-development-velocity #application-security
Read at The Register