Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security teams are overwhelmed. Whether it’s alert overload, a growing backlog of vulnerabilities, or fragmented security data, there’s no finish line in sight. The State of Software Security 2025 report reveals that security debt is rising and flaws times are increasing. Meanwhile, the traditional tools many teams leverage fail to provide the context needed to track risks across the application lifecycle and, importantly, to prioritize them.

The State of Software Security (SoSS) 2025: A New View of Maturity, our 15th year publishing the report, highlights a critical shift in how organizations approach security maturity. This transition focuses on major risks and uses continuous feedback loops to identify and mitigate them. Key metrics such as flaw prevalence, fix capacity, fix speed, debt prevalence, and open-source debt are essential for benchmarking and improving security maturity.

Software supply chain security risks are mounting. As noted in Veracode’s State of Software Security (SoSS) report, organizations of all sizes are drowning in security debt, and a large portion of the critical debt can be attributed to third-party vulnerabilities.

AI coding assistants like GitHub Copilot are transforming the way developers write software, boosting productivity, and accelerating development cycles. However, while these tools generate code more efficiently, they also introduce new risks more efficiently—potentially embedding security vulnerabilities that could lead to severe breaches down the line. What is your plan for reducing risk from the vast amount of insecure code coming through agentic AI in software development?

The Digital Operational Resilience Act (DORA) is a landmark regulation designed to enhance the digital resilience of financial institutions in the EU. Effective from January 17, 2025, DORA mandates the development and maintenance of a robust ICT risk management framework. Here’s an overview of the five pillars and how the right software security measures can help you comply.

The Latin “vera” indicates truth or reality. When Veracode was founded, this was the essence of our focus – finding truth in code. And specifically, binaries; hence the original brand rooted with the “01”. Seventeen years later, we remain committed to our vision – a World where software is developed secure from the start – but to do so today, we are expanding our view, solidifying our point of view, and modernizing how you see us.

The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem.

How does the exponential advancement of technology impact the security landscape? It makes managing the fundamental risk of the technology, the software, exponentially more complex. From AI accelerating risky code production to cloud infrastructure increasing the attack surface, the world of application risk management is enduring a rapid transformation that needs immediate attention.

The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.

In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager.