Software Development Teams Struggle As Security Debt Reaches Critical Levels
ITProToday, Thursday, March 6th, 2025
A Veracode report finds that security flaw fix times are up 47%, to 252 days, with half of companies facing critical debt, mostly from third-party code.
Software development teams face mounting challenges as security vulnerabilities pile up faster than they can be fixed.
That's the key finding of Veracode's 15th annual State of Software Security (SoSS) report. The comprehensive study reveals that the average time to fix security flaws has increased to 252 days, an alarming 47% increase in just five years and a staggering 327% rise since the report's inception 15 years ago. The study analyzed 1.3 million unique applications containing 126.4 million raw findings, including 107.4 million findings from static analysis, 3.9 million from dynamic analysis, and 15 million from software composition analysis.