Business Wire

Veracode Research Reveals 80% of Applications Developed in EMEA Contain Security Flaws

Share

Veracode, a leading global provider of intelligent software security, today released research indicating applications developed by organisations in Europe, Middle East and Africa tend to contain more security flaws than those created by their U.S. counterparts. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’ flaws, meaning they would cause a critical issue for the business if exploited. High numbers of flaws and vulnerabilities in applications correlate with increased levels of risk, which is particularly notable as software supply chain cyberattacks dominate headlines in 2023.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230925296799/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Figure 1: Percent of applications that had a flaw found in their last scan over the last 12 months, by category. Lower numbers are better. (Graphic: Business Wire)

Researchers found that just over 80 percent of applications developed by EMEA organisations had at least one security flaw detected in their most recent scan over the last 12 months, compared to just under 73 percent of U.S. organisations. In addition, the percentage of applications containing ‘high severity’ flaws was the highest of all regions, at almost 20 percent.

“Our data shows that organisations globally are continuing to deploy a worrying number of applications with a high number of flaws in the CWE Top 25,” said Chris Eng, Chief Research Officer at Veracode. “We did, however, identify interesting regional differences, particularly in terms of third-party or open-source code usage and the ways in which vulnerabilities are introduced across the application lifecycle,” he continued.

Analysis of data collected from more than 27 million scans across 750,000 applications helped to produce Veracode’s latest annual report on the State of Software Security. This new report showcases the EMEA-specific findings from those scans and applications, including results from UK, Germany, France, Italy and across the Middle East and Africa.

Numbers alone don’t convey the consequences of hackers exploiting software vulnerabilities. With organisations across EMEA utilising an ever more complex mix of third-party software to deliver their services, the exploitation of a serious vulnerability can impact thousands of victims at once. Earlier this year, a vulnerability affecting printing software tools PaperCut MF and PaperCut NG was actively abused by threat actors. Up to 70,000 organisations in 200 countries became potential victims, and law enforcement reports found threat actors successfully compromised vulnerable entities in the education sector.

Java and Third-party Code Introduce Significant Security Flaws

The research identified notable regional differences in preferred language usage, with Java revealed to be the preferred language for developers in EMEA. Teams using Java were found to remediate flaws at a slower rate than those using .NET or JavaScript, causing many of these flaws to persist or remain undiscovered for significantly longer. Moreover, as over 95 percent of Java applications are comprised of third-party or open-source code, Java usage is a key factor in the higher percentage of vulnerabilities introduced into applications in the region. This highlights the importance of software composition analysis (SCA), which picks up flaws in open-source code, and the research found a higher proportion of flaws reported by SCA in EMEA than in other regions.

As generative AI continues to gain strong traction in software development, the risk of vulnerabilities from external sources increases. A study, presented at Black Hat in 2022, showed vulnerabilities in 40 percent of code that had been written by large language models trained on vast troves of unrefined data, including millions of public GitHub repositories. It is therefore vital organisations leverage SCA tools to find and fix flaws, empowering developers to take advantage of AI without compromising the security of applications.

Applications Become More Vulnerable Over Time

The research also showed new flaws continue to be introduced into EMEA applications at a far higher rate across the entire application lifecycle than in other regions. While EMEA organisations keep updating applications, there was less of a focus on quality. After a five-year timespan, 50 percent of applications in EMEA continue to introduce new flaws, compared to just over 30 percent for the rest of the world. Overall, the baseline chance that a flaw will be introduced in any given month was 27 percent.

As such, EMEA organisations would benefit from paying more attention to the latter portion of the application lifecycle and scanning applications more regularly. They should also prioritise security training for developers, with the research finding completion of 10 interactive security labs reduces the probability of flaw introduction from 27 percent to about 25 percent in any given month.

“This year’s State of Software Security report shines a light on the importance of security across the entire software lifecycle, as well as the urgent need to address risks posed by third-party and AI-generated code,” Eng added. “Whilst across the board globally we are still seeing a concerning volume of vulnerabilities, these figures are higher in EMEA across almost all measurements. Development teams in this region must take the opportunity to automate software security for regular scanning, and carefully consider their use of AI tools, both to increase security and empower developers.”

The Veracode State of Software Security EMEA 2023 recommends four actions software development teams can take to improve their cybersecurity posture and is available to download on the Veracode website.

The global Veracode State of Software Security 2023 report is available to download.

About the State of Software Security Report

The 13th volume of Veracode’s annual report on the State of Software Security examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and small companies, commercial software suppliers, software outsourcers, and open-source projects. The report contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform.

About Veracode

Veracode is intelligent software security. The Veracode Software Security Platform continuously detects flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organisations, Veracode is the pioneer, continuing to redefine what intelligent software security means.

Copyright © 2023 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Katy Gwilliam
kgwilliam@veracode.com

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

The smarter E Europe: Smart Integration Saves Cash and Stabilizes Grids12.2.2025 18:52:00 EET | Press release

‘Accelerating Integrated Energy Solutions’ - this is the motto of The smarter E Europe 2025, which will take place this year from 7 to 9 May at Messe München.Smart integration is crucial in the evolving energy and mobility sectors. Energy management systems (EMS) for prosumers and businesses have shifted from a nice-to-have to a must-have, making them a key topic at this year’s event. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250212149082/en/ At The smarter E Europe 2025, visitors will find everything for the smart interaction of PV, storage, e-mobility and energy management. (Photo: Solar Promotion GmbH) GridX, a smart energy company, estimates that the European Home Energy Management System (HEMS) market will expand 11-fold by 2030 across Denmark, Germany, the UK, Italy, the Netherlands, Austria, Sweden, and Spain. This rapid growth reflects increasing demand and evolving regulations. Regulatory and market requirement

Dubai Achieves World’s Lowest Electricity Customer Minutes Lost (CML) at 0.94 Minutes Per Year, Breaking Its 2023 Record12.2.2025 18:37:00 EET | Press release

HE Saeed Mohammed Al Tayer, MD & CEO of Dubai Electricity and Water Authority (DEWA), announced that DEWA achieved the world’s lowest electricity Customer Minutes Lost (CML) in 2024, recording just 0.94 minutes per customer. This breaks its record of 1.06 minutes in 2023 and is significantly lower than the 15-minute average of leading European utilities. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250212414260/en/ HE Saeed Mohammed Al Tayer, MD & CEO of DEWA (Photo: AETOSWire) "We are guided by the vision and directives of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, to make Dubai the world’s best city for quality of life. To achieve this, we continuously develop Dubai's electricity and water infrastructure through innovation, which we adopt as a key approach to managing facilities through a smart and interconnected network. This enables us to deliver

Armis to Protect Cyber-Physical Systems with NVIDIA Cybersecurity AI12.2.2025 18:00:00 EET | Press release

Armis, the cyber exposure management & security company, today announced that its Armis Centrix™ platform will be enabled by NVIDIA BlueField-3 data processing units (DPUs) and, in the future, the NVIDIA Morpheus cybersecurity AI framework to comprehensively protect critical infrastructure while maintaining operational continuity. These integrations provide a secure, isolated environment for critical infrastructure sectors without impacting performance or operations. Armis Centrix™, Armis’ cyber exposure management platform, with NVIDIA BlueField-3 DPUs enables customers to safeguard critical OT systems at both the host and network level. “From the convergence of IT and OT environments to sophisticated cyber threats targeting cyber-physical systems, organizations face growing challenges in securing attack surfaces and managing their cyber risk exposure,” said Nadir Izrael, CTO and Co-Founder at Armis. “This integration with NVIDIA technologies extends the reach of Armis’ comprehensive,

MAG Participates in Blackburn Dubai Property Expo, Highlights Premium Development to British Buyers12.2.2025 16:51:00 EET | Press release

MAG, one of the UAE’s leading real estate developers, is set to participate in the Blackburn Dubai Property Expo, taking place on 22-23 February at Stanley House Hotel & Spa, UK. The developer will showcase its flagship project, The Ritz-Carlton Residences, Dubai, Creekside, part of the Keturah Resort, presenting a unique opportunity for an unparalleled lifestyle with unmatched service and amenities. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250212516764/en/ The Ritz-Carlton Residences, Dubai, Creekside at the Keturah Resort (Photo: AETOSWire) Dubai's real estate sector continues to see strong growth, driven by HNWIs seeking luxury developments. With nearly 740 branded residences globally and that figure expected to double by 2031, Dubai is a key player, with 140 projects in the pipeline. In H1 2024, branded residences made up 7.2% of all property transactions, generating $7.8 billion—12.6% of last year’s total transact

Inaugural SFA International Sporting Events concludes, with more than 35,000 SFA Expo visitors and over 40,000 Riyadh Marathon participants12.2.2025 16:39:00 EET | Press release

The Saudi Sports for All Federation (SFA) is celebrating the success of the inaugural 2025 SFA International Sporting Events, which combined the SFA Expo and the Riyadh Marathon. Held from February 5-7, 2025, the SFA Expo took place at the JAX District, while the Riyadh Marathon followed on February 8, 2025. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250212912259/en/ Inaugural SFA International Sporting Events concludes, with more than 35,000 SFA Expo visitors and over 40,000 Riyadh Marathon participants (Photo: AETOSWire) The SFA Expo attracted 35,359 visitors, with interactive sports zones, fitness classes, health exhibits, and engaging panel discussions, and a B2B lounge for industry professionals. The Primal Race functional fitness competition on February 7 was another major attraction. The 2025 Riyadh Marathon saw 40,494 participants from 131 countries, an impressive jump from 20,000 runners in 2024. It was organize

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye