Takeaways From Veracode's State of Software Security Report [Podcast]
This year's Veracode State of Software Security report explored security flaws in Java apps, a lack of fixes for security flaws in general, and the benefits of coaching.
Veracode just published its latest “State of Software Security” report. Based on Veracode Platform data, these “SoSS” reports have offered a goldmine of intelligence about how organizations approach AppSec since 2011. This year’s report is no different. Evan Schuman recently sat down with Veracode’s Director of Product Management Tim Jarrett to discuss the findings emerging from the latest report, and what they reveal about where organizations are seeing success securing their code, and where they’re not. For instance, they discuss:
- Why this year’s report found that a very high percentage (88%) of Java applications had at least one flaw in a component.
- Why the 2017 report found that, although organizations are wisely going after their most severe vulnerabilities first, we only see a fix rate of 37% for these severe flaws.
- The fact that remediation coaching improved fix rates by 88%, and why this strategy has such a big impact.
Listen to this discussion to hear more about the 2017 “State of Software Security” report and what the findings reveal about application security today.
Published at DZone with permission of Suzanne Ciccone. See the original article here.