Articles from Veracode

RSA Conference (booth #435)--Veracode, the global leader in application risk management, today announced Veracode Fix for Software Composition Analysis (SCA), an AI-powered solution to address software supply chain risk. The enhanced automated remediation engine—the next evolution of Veracode’s industry-leading Fix solution—enables organizations to detect and remediate open-source vulnerabilities easily, before code reaches production. Designed to integrate seamlessly into existing developer workflows, it delivers third-party updates and first-party code refactoring without breaking builds or disrupting development.

Veracode, the global leader in application risk management, today released its 2026 State of Software Security Report, revealing the widening gap between how fast organizations build software and how fast they can secure it. The report found 82 percent of organizations now harbor security debt—an 11 percent increase from the prior year—and that 60 percent of those organizations have security debt defined as “critical,” representing accumulated vulnerabilities severe enough to cause catastrophic damage to an organization if exploited. The report recommends adopting a “Protect, Prioritize, and Prove” strategy to meaningfully reduce risk in 2026 and beyond.

Veracode, the global leader in application risk management, today announced significant platform innovations introduced through the second half of 2025. Headlining the release is Package Firewall, an industry-leading preventive control for software supply chains, advancing the company’s mission to help organizations run secure software from code to cloud. With supply chain-related third-party breaches doubling year over year— from 15 to 30 percent according to the Verizon 2025 Data Breach Investigations Report— the need to strengthen security across the software ecosystem has never been greater.

Veracode, the global leader in application risk management, today released its 2025 State of Software Security (SoSS) Snapshot for the Financial Services Sector. The analysis reveals nearly two-thirds (63 percent) of banking, financial services, and insurance (BFSI) organizations harbor critical security debt—high-severity flaws left unfixed for longer than a year—a rate of 13 percentage points higher than the cross-industry average.

Veracode, the global leader in application risk management, has once again been positioned as a Leader in the 2025 Gartner® Magic Quadrant™ for Application Security Testing (AST)¹. This marks the company’s 11th consecutive time as a Leader since the report was first published. The analysis represents one of the industry’s most in-depth and unbiased evaluations of market competitors.

Veracode, a global leader in application risk management, today unveiled its 2025 GenAI Code Security Report, revealing critical security flaws in AI-generated code. The study analyzed 80 curated coding tasks across more than 100 large language models (LLMs), revealing that while AI produces functional code, it introduces security vulnerabilities in 45 percent of cases.

Veracode, a global leader in application risk management, today unveiled a suite of innovations that transform how enterprises approach security. The enhanced platform cuts vulnerability remediation time by up to 92 percent, while using proactive defense to prevent 60 percent of critical supply chain risk from ever entering organizations. These latest enhancements to Veracode’s Package Firewall and Risk Manager provide assurance, context, and continuity across the software development lifecycle.

Veracode, a global leader in application risk management, today announced a partnership with leading cloud security provider, Wiz, joining the Wiz Integration (WIN) platform. The alliance enhances WIN by bringing the power of Veracode Risk Manager (VRM) to the partner ecosystem, enabling customers to seamlessly integrate Wiz and Veracode solutions into their existing workflows.

Veracode, a global leader in application risk management, has been selected by Tecnimont Services’ business line dedicated to digital and energy services. The agreement sees the implementation of Veracode’s comprehensive application risk management platform through a technical collaboration that provides advanced security services to Tecnimont Services’ customers.

Veracode, a global leader in application risk management, today released its Public Sector State of Software Security 2025 report, revealing alarming trends in software security across government organizations. Drawing from an extensive analysis of 1.3 million unique applications and 126.4 million raw findings, the research shows 78 percent of public sector organizations are operating with significant security debt—flaws left unaddressed for more than a year. Moreover, 55 percent are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential.

AWS Re:Invent (booth #563)-- Veracode, a global leader in application risk management, today announced powerful innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software, assess risk, and remediate at the click of a button in their preferred environment.

Veracode, a global leader in application risk management, today released new research that highlights the state of software security debt within the financial services sector. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76 percent of organizations in the financial services sector, with 50 percent of organizations carrying critical security debt.

Veracode, a global leader in application risk management, today unveiled the EMEA snapshot of its annual State of Software Security (SoSS) 2024 report, revealing worrying levels of security debt in organizations across Europe, the Middle East and Africa.

Veracode, a global leader in application risk management, today released a commissioned study conducted by Forrester Consulting on The Total Economic Impact™ (TEI) of Veracode’s Application Risk Management Platform. The study revealed that Veracode delivered a 184 percent return on investment (ROI) to customers over a three-year period, as well as a material Net Present Value and a payback period of less than six months.

Veracode, a global leader in application risk management, today announced the appointments of co-founder Chris Wysopal as Chief Security Evangelist and Jens Wessling as Chief Technology Officer (CTO).

Black Hat USA Conference (booth #2536) – Veracode, a global leader in application risk management, today announced platform innovations to help organizations uncover, prioritize, and reduce security debt across their growing attack surface. Universal Connector and Application Security Heatmap, the two newest capabilities from Longbow powered by Veracode, allow organizations to quickly connect findings from any source and see the applications that are contributing to the most risk. Together, the Universal Connector and the Application Security Heatmap provide clear, operational insight into assets and issues, allowing remediation actions to be prioritized by quantifiable risk.

Veracode, a global leader in application risk management, today announced the launch of its enhanced Veracode® Velocity™ Partner Program. The program enables new collaboration opportunities, empowering partners with innovative and comprehensive application and cloud risk management solutions across North America, LATAM, EMEA, and APAC. The expanded program introduces a simplified approach to working with resellers and value-added distributors.

Veracode, a global leader in application risk management, today released research revealing applications developed by public sector organizations have more security debt than those created by the private sector. Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59 percent of applications in the public sector, compared to the overall rate of 42 percent. The research analyzed public sector organizations in more than 25 countries across the globe.

Veracode, a global leader in application risk management, today announced platform innovations that set a new standard for developer-powered application security. New repo risk visibility and analysis from Longbow Security, powered by Veracode, speeds up remediation of application risk from code repositories to runtime images. The solution launches alongside Veracode Fix in the Integrated Development Environment (IDE) and Batch Fix to bridge the gap between development and security teams. These latest innovations help developers focus on the most critical tasks that drive value and differentiation.

Veracode, a global leader in application risk management, today announced the appointment of Brian Roche as Chief Executive Officer. Roche was formerly Veracode Chief Product Officer and his ascension to CEO completes a succession plan through which Sam King will step down after 17 years at the company.

Veracode, a global leader in application risk management, today announced the acquisition of Longbow Security, a pioneer in security risk management for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations effectively manage and reduce application risk across the growing attack surface.

Centrico Spa, part of Sella Group and a specialist in providing open banking systems for innovation-oriented financial institutions, has entered a collaboration with Veracode, a global leader in application security risk management. The deal will enhance the analysis, detection, and prioritization of flaws to expedite software fixes at every stage of Centrico’s application development life cycle.

AWS re:Invent booth #270 – Veracode, a global leader in intelligent software security, today announced product innovations to enhance the developer experience. The new features integrate security into the software development lifecycle (SDLC) and drive adoption of application security techniques in the environments where developers work.

Veracode, a leading global provider of intelligent software security, today released new research that unveils the key factors influencing flaw introduction and accumulation in the Financial Services sector. The security performance of financial applications generally outperforms other industries, with automation, targeted security training, and scanning via Application Programming Interface (API) contributing to a year-over-year reduction in the percentage of applications containing flaws.

Veracode, a leading global provider of intelligent software security, today released research indicating that applications developed by public sector organizations tend to have more security flaws than applications created by the private sector. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels of risk. The research comes amid a flurry of recent initiatives by the federal government to strengthen cybersecurity, including efforts to reduce vulnerabilities in applications that perform critical government functions.

Veracode, a leading provider of intelligent software security solutions, has been positioned as a 10-time Leader in the 2023 Gartner Inc. Magic Quadrant for Application Security Testing—an in-depth evaluation of the market’s competitors. The company has been recognized as a Leader in the report every single time since it was first published.

Veracode, a leading provider of intelligent software security solutions, today announced its attainment of State Risk and Authorization Management Program (StateRAMP).

Veracode, a leading provider of intelligent software security solutions, today launches Veracode Fix, a new AI-powered product. Trained on Veracode’s proprietary dataset, Veracode Fix suggests remediations for security flaws found in code and open-source dependencies.

Veracode, a leading global provider of intelligent software security solutions, today announced the official opening of its new engineering facility in Prague, Czech Republic (Prague Engineering Centre). The center has been built in partnership with Accion Labs, a global provider of end-to-end software product engineering services, and will leverage expanded international support to deliver Veracode’s market-leading software security solutions.

Veracode, a leading global provider of modern application security testing solutions, has announced it has earned the 2023 Top Workplaces USA award, issued by Energage, a purpose-driven organization that develops solutions to build and brand Top Workplaces. The Top Workplaces program has a 15-year history of surveying more than 20 million employees and recognizing the top organizations across 60 markets for regional Top Workplaces awards.

Veracode, a leading global provider of modern application security testing solutions, today announced it has acquired Germany-based software security tool, Crashtest Security, a rising developer-oriented dynamic application security testing (DAST) product. The investment will enhance the existing DAST capabilities available as part of Veracode’s Continuous Software Security Platform and broaden customer access globally.

Veracode, a leading global provider of modern application security testing solutions, has been named one of the Top Places to Work in Massachusetts in the 15th annual employee-based survey project from The Boston Globe. The Top Places to Work 2022 issue published online at Globe.com/TopPlaces on the night of Wednesday, November 30 and will also be published in Globe Magazine on Sunday, December 4.

Veracode, a leading global provider of modern application security testing solutions, today revealed that almost three-quarters of applications in the retail & hospitality sector contain security flaws, but only 25 percent of these are fixed. Furthermore, 17 percent of these flaws are categorized as ‘high severity’, meaning they pose a serious risk to the business if exploited. With 76 percent of Americans planning to shop the Black Friday sales on 25 November*—and 56 percent planning to purchase entirely online**— retailers should take extra care to reinforce the security of their ecommerce systems, digital payment platforms, and supply chains.

Veracode, a leading global provider of application security testing solutions, today revealed that the manufacturing sector has the lowest number of software security flaws, dethroning financial services which took first place last year. The data was published in the company’s annual State of Software Security (SoSS) report v12, which analyzed 20 million scans across half a million applications in the manufacturing, healthcare, financial services, technology, retail, and government sectors.

Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform to include container security. This early access program for Veracode Container Security is now underway for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.

Veracode, a leading global provider of application security testing solutions, today released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the middle of the pack for high-severity flaws, with 18 percent of applications containing a serious vulnerability, suggesting financial firms should prioritize identifying and remediating the flaws that matter most.

Veracode, a leading global provider of application security testing solutions, today announced the launch of the Veracode Velocity Partner Program. The objective of the program is to enable partners to grow their security practice quickly and profitably around Veracode’s cloud-native Continuous Software Security Platform, offering opportunities to accelerate deal closure, expand market share, and grow revenue.

Black Hat (booth #2428) – Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience. New features include extended integrations to support software composition analysis (SCA), a software bill of materials (SBOM) Application Programming Interface (API), and additional language and framework support for static analysis, further enhancing developers’ ability to secure software in the environments where they work.

Veracode, a leading global provider of application security testing solutions, today announced that the General Services Administration (GSA) has granted the company a Federal Risk and Authorization Management Program (FedRAMP) authorization.

Veracode, a leading global provider of application security testing (AST) solutions, today announced its Continuous Software Security Platform, which seamlessly embeds application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.

Veracode, a leading global provider of application security testing (AST) solutions, today announced it has been positioned as a Leader for the ninth consecutive time in the 2022 Gartner Inc. Magic Quadrant for Application Security Testing1. The company is the only vendor recognized as a Leader every single year since the report was first published.

Veracode, a leading global provider of application security testing solutions, has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors. Analysis of data collected from 20 million scans across half a million applications revealed these sector-specific findings as part of Veracode’s annual report on the State of Software Security (SOSS).

Veracode, a leading global provider of application security solutions today announced that TA Associates (“TA”), a leading global growth private equity firm, has signed a definitive agreement to make a significant growth investment in the company. Veracode’s current majority investor, Thoma Bravo, a leading software investment firm, will retain a minority position in the business. The transaction, which values Veracode at $2.5B, is expected to be completed in Q2 2022, subject to customary closing conditions.

Veracode, the largest global provider of application security testing solutions, today published new research that finds most applications are now scanned around three times a week, compared to just two or three times a year a decade ago. This represents a 20x increase in average scan cadence between 2010 and 2021. Scan frequency has also risen dramatically, with developers now testing more than 17 new applications per quarter—more than triple the number of apps scanned over the same period a decade ago. The Veracode State of Software Security (SoSS) v12, which analyzed more than half a million applications, reveals new data from a cross-section of large and mid-sized companies, commercial software suppliers, and open-source projects.

Veracode, the largest global provider of application security testing solutions, has secured its leadership position in the market for another year, closing 2021 with 13 percent revenue growth year over year. Once again, the company outperformed the “rule of 40”—a key success metric for SaaS businesses that analyzes growth rate plus profit margin—demonstrating the solid performance of a best-in-class software company.

Veracode, the largest global provider of application security testing (AST), has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development practices. The analysis of 5,446,170 static scans and more than 310,000 apps over a 13-month period from September 2020 to October 2021 found a startling 143 percent growth in the number of small apps, like APIs and microservices, and a 133 percent increase in automated scans run through APIs instead of manually.

Veracode, the largest global provider of application security testing (AST) solutions, today launched new research that finds nearly 80 percent of the time, third-party libraries are never updated by developers after being included in a codebase - despite the fact that more than two thirds of fixes are minor and non-disruptive to the functionality of even the most complex software applications. Open source libraries constantly evolve so what appears secure today may no longer be so tomorrow, potentially creating a significant security risk for software vendors and users. The Veracode State of Software Security (SoSS) v11: Open Source Edition analyzed 13 million scans of more than 86,000 repositories containing more than 301,000 unique libraries, and also surveyed nearly 2,000 developers to understand how they use third-party software.