The growing divide: security struggles to keep up with software development

Veracode's latest report highlights the widening gap between rapid software development and slower security measures, posing potential risks for organisations worldwide.

In its 2026 State of Software Security Report, Veracode, a global application risk management provider, highlights a widening gap between software development speed and security efforts. The report shows that 82% of organisations are dealing with security debt — an increase of 11% compared with the previous year.

Of those organisations, 60% are categorised as having “critical” security debt, meaning accumulated vulnerabilities that could cause significant damage if exploited. To address this, the report recommends adopting a “Protect, Prioritize, and Prove” approach to reduce risk in 2026 and beyond.

Now in its 16th edition, the report analysed more than 1.6 million unique applications across enterprises, commercial software suppliers, software outsourcing providers, and open-source projects globally. It identifies a clear imbalance between rapid development cycles and the pace at which vulnerabilities are remediated.

While detection capabilities have improved, unresolved vulnerabilities continue to accumulate. High-risk vulnerabilities have increased by 36% year-over-year, defined as flaws that are both severe and highly exploitable.

The findings suggest that high-risk vulnerabilities require stronger prioritisation, moving beyond generic severity scoring toward assessments based on real-world attack potential. Security debt is also influenced by greater reliance on open-source components, which account for 66% of the most persistent vulnerabilities.

To reduce these risks, Veracode recommends a strategic framework centred on Prioritize, Protect, and Prove, enabling organisations to focus on safeguarding their most critical systems and applications that hold essential data.

The report also notes the impact of AI on the landscape, introducing new high-risk vulnerability patterns while AI-driven remediation tools begin to offer additional support in closing gaps.

As organisations manage growing security debt, the emphasis is on prioritising the most significant risks rather than attempting to eliminate every vulnerability, while maintaining alignment with security and compliance requirements.
Cognizant has introduced Neuro AI Trust, a platform designed to support AI governance by providing...
Financial services are leveraging AI for security but face visibility and complexity challenges in...
Vertiv opens a new manufacturing hub in Johor to help meet the rising demand for AI and...
Kyndryl's latest report reveals a decline in workforce readiness for AI and highlights the...
Verkada partners with NVIDIA to advance AI in physical security and operations, enhancing safety...
As UK firms increase AI utilisation, managing and understanding costs is becoming an important...
An examination of how Atlassian’s Rovo and Teamwork Graph introduce AI-driven automation into...
Marketplacer has integrated with Snowflake’s Marketplace Capability Delivery (MCD) Program,...