Veracode

Cybersecurity reports and statistics published by Veracode

8 categories, 2 reports

Research Reports

Reports and publications from Veracode

Recent Statistics & Reports

Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.

77% of financial services organizations reported accruing some level of security debt.

The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.

Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.

63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.

LLMs failed to secure code against cross-site scripting (CWE-80) in 86% of cases.

AI-generated code introduces security vulnerabilities in 45% of cases.

When given a choice between a secure and insecure method to write code, GenAI models chose the insecure option 45% of the time.

In 45% of all test cases, LLMs introduced vulnerabilities classified within the OWASP Top 10.

Java was found to be the riskiest language for AI code generation, with a security failure rate over 70%. Other major languages, such as Python, C#, and JavaScript, presented significant risk, with failure rates between 38% and 45%.

LLMs failed to secure code against log injection (CWE-117) in 88% of cases.