VendorsVeracode
Veracode
Cybersecurity reports and statistics published by Veracode
8 categories4 reports
Research Reports
Reports and publications from Veracode
Recent Statistics & Reports
Java was found to be the riskiest language for AI code generation, with a security failure rate over 70%. Other major languages, such as Python, C#, and JavaScript, presented significant risk, with failure rates between 38 percent and 45 percent.
7/30/2025•
AI codeGen AIJava
50 percent of organisations now carry critical security debt, which is defined as flaws left open for longer than a year.
2/27/2025
The rate of applications passing the Open Worldwide Application Security Project (OWASP) Top 10 has increased by 63 percent over the past five years. It has more than doubled in 15 years.
2/27/2025
Leading organisations resolve over 10 percent of flaws monthly, whereas laggards address less than 1 percent.
2/27/2025
Leading organisations keep open-source critical debt under 15 percent, while 100 percent of critical debt is open source in lagging organisations
2/27/2025
The average time to fix security flaws has increased from 171 days to 252 days over the past five years. This is an increase of 327 percent since the report’s first volume 15 years ago.
2/27/2025
Leading organisations have flaws in fewer than 43 percent of applications, while lagging organisations exceed 86 percent.
2/27/2025
70% of security debt stems from third-party code and the software supply chain.
2/27/2025
Top performers remediate half of flaws in five weeks; lower-performing organisations take longer than a year.
2/27/2025
Less than 17 percent of applications in leading organisations carry security debt, compared with more than 67 percent in lagging ones.
2/27/2025
Showing 21-30 of 30 results