Software Security
Cybersecurity statistics about software security
In the first 63 days of the Anthropic Claude Mythos Preview, Mythos disclosed 1,596 verified vulnerabilities across 281 open-source projects.
Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.
Three of four Chinese LLMs generate hidden security vulnerabilities when prompted with a U.S. government persona.
More than 15,200 new software vulnerabilities were disclosed in Q1 2026, including nearly 3,900 classified as high risk.
40% of security practitioners say they are keeping up well with the increased volume of code requiring security review.
62% of security teams say keeping up with increased engineering delivery is getting harder.
66% of security practitioners spend more than half their time manually validating findings rather than resolving the underlying vulnerabilities.
69% of security practitioners at mid-sized organizations report growing difficulty keeping up with increased code volume.
100% of surveyed cybersecurity practitioners report increased engineering delivery over the past twelve months.
Nearly 60% of security practitioners say they are able to keep up with the increased code volume for now, but it is getting harder.
80% of enterprises were not prepared to meet software supply chain security requirements in 2024.
49% of surveyed cybersecurity practitioners attribute most or all of the increased engineering delivery to AI-assisted coding tools.
60% of organizations generate SBOMs.
Organizations that get verifiable transparency data from vendors see 61.6% quicker resolution of security issues.
More than four out of five CISOs oversee secure software development (DevSecOps).
AI-generated code results in 15–18% more security vulnerabilities per line of code compared to human-written code.
Organizations that effectively track and manage open source dependencies are 85% more prepared to secure open source software compared to the overall average of 57%.
More than half (58%) of respondents require third-party penetration test reports to validate software security.