Software Security Debt Is Spiraling Out Of Control - Remediation Times Have Surged 47% In The Last Five Years, And It's Pushing Teams To Breaking Point
ITPro, Thursday, February 27th, 2025
New research shows software security debt is growing in scale, with many flaws left unaddressed for months
Software security flaws are taking longer to fix than ever, new research shows, with remediation times having grown by 47% in the last five years.
Statistics from Veracode's 15th State of Software Security report show the average time it takes an organization to fix a vulnerability has risen from 171 days in 2020 to 252 days today.
This marks a highly concerning increase, the study warned, and nearly triple what it took 15 years ago when the annual report was first issued.
"The attack surface has become increasingly complicated, particularly in the last couple of years with the explosion of AI engineering," said Chris Wysopal, chief security evangelist at Veracode.