Veracode：2025年度全球软件安全状况报告：成熟度新视角（英文版） .docxVIP

2025STATEOF

ANEWVIEWOFMATURITY

2025STATEOFSOFTWARESECURITY:ANEWVIEWOFMATURITY

Contents

03OpeningLetter

04ExecutiveSummary

KeyFindings

07

15YearsofSpecialSoSS

09

StateofSoftwareSecurityin2025

FindingFlawsFixingFlaws

FightingDebt

19

ComparingSoftwareSecurityProgramPerformance

FlawPrevalenceFixCapacity

FixSpeed

DebtPrevalenceOpen-SourceDebt

31

ConclusionsRecommendations

34Methodology

2

2025STATEOFSOFTWARESECURITY:ANEWVIEWOFMATURITY

Opening

letter

Ourresearchdrivesourownsoftwaresecuritymeasures,andthisyear,inour15thvolumeofthisreport,weseektodiscovertrendsaboutwherethemostriskresidesandwhatmetricscanbeusedtogaugeprogressagainstit.Plus,wewanttocompareprogramperformanceofleadingandlaggingorganizationsusingthesemetrics.Thegapsbetweenthetop25%andbottom25%arefascinating.

Ultimately,realizingprogressandmaturityinsoftwaresecurityrequiresarisk-basedperspective.Ittakesfocusingonthedownsiderisksthatmatterinyourcontextandtheactionsthatcreatecontinuousfeedbackloopstoseeandremediateriskinanongoingfashion.

Thisiseasiersaidthandone,sowehopeyoufindtheinsightsandguidanceinthisreportashelpfulaswehaveforimprovingsecurityposturebyadaptivelysecuringmission-criticalsoftwareintheartificialintelligence(AI)era.

Sincerely,

NielsTanisSeniorPrincipal

SecurityResearcher

SohailIqbalChiefInformationSecurityOfficer

ChrisWysopalChiefSecurityEvangelist

3

2025STATEOFSOFTWARESECURITY:ANEWVIEWOFMATURITY

Executive

Summary

4

2025STATEOFSOFTWARESECURITY:ANEWVIEWOFMATURITY

Iwontsay

ImusingAItogeneratecode…

In2025,organizationsfaceincreasingthreatstotheirsoftware.Theexploitationofvulnerabilitiesasthecriticalpathtoinitiateabreach“almosttripled(180%increase)

inthelastyear,”accordingtotheVerizon2024DataBreachInvestigationsReport.

Meanwhil