Veracode Report Tracks Security Flaws over the Application Lifecycle

By ADMIN Team

See insights from the 2023 State of Software Security report.

More than 74 percent of applications have at least one security flaw, according to Veracode’s 2023 State of Software Security report. Additionally, 69 percent have at least one OWASP Top 10 flaw, and more than 56 percent have at least one Common Weakness Enumeration (CWE) Top 25 flaw.

Application scanning, the report notes, can help shed light onto the types of flaws that exist as well as the occurrence of flaws over the application lifecycle.

“While over 30 percent of applications show flaws at the first scan, this number drops to approximately 22 percent shortly after before rising to 30 percent again at four years. The number of applications with new flaws then increases further to approximately 35 percent of applications over four and a half years old,” the report says.

Although applications grow at about 40 percent per year, the report says, “that trend is not matched by a commensurate number of new flaws. To the contrary, close to 80 percent of applications do not introduce flaws at all during this early life cycle phase.”

The report takes a deep dive into flaws occurring in Java, JavaScript, and .NET applications while also offering common sense advice for improving security. Overall, being informed and then vigilant is key, the report says.