Veracode, a global leader in application risk management, has released the EMEA findings from its annual State of Software Security (SoSS) 2024 report. The report highlights alarming levels of security debt in organizations across Europe, the Middle East, and Africa, with 68% of organizations harboring some form of security debt, and 46% facing high-severity persistent flaws, classified as “critical” security debt. These flaws represent serious risks to applications, raising the potential for catastrophic breaches.
- Security Debt in EMEA Organizations
  - Security debt refers to software flaws left unfixed for over a year.
  - Veracode’s research shows that 68% of EMEA organizations have security debt, while 46% have high-severity, critical flaws that present the greatest risk to applications.
- Challenges in Managing Security Debt
  - Developers often struggle to triage and fix flaws, with manual methods causing delays.
  - The average time to remediate flaws in third-party code is 19 months compared to 9 months for first-party code.
- Sources of Security Debt
  - 84% of overall security debt originates from in-house (first-party) code, while 80% of critical security debt stems from third-party code.
  - This reliance on third-party code poses a significant challenge, as these flaws often go undetected yet carry substantial risks.
- AI’s Role in Remediation
  - While AI-generated code can contain flaws, AI-powered tools like Veracode Fix significantly reduce remediation times by automating vulnerability fixes.
  - Veracode Fix has shortened the time to resolve common vulnerabilities from days to minutes, greatly enhancing developer productivity.
- Mitigating Security Debt
  - Organizations should prioritize fixing critical security flaws that introduce the highest risks.
  - Application Security Posture Management (ASPM) tools, including Veracode’s Longbow, offer contextual analysis and prioritization guidance to reduce security debt efficiently.
Veracode’s 2024 SoSS report emphasizes the need for EMEA organizations to address critical security debt to prevent future breaches. AI-powered solutions and ASPM tools will play an essential role in scaling remediation efforts, helping businesses mitigate risks and improve application security.