Financial services can’t shake security debt

In financial services, application security risk is becoming a long game. Fewer flaws appear in new code, but old ones linger longer, creating a kind of software “interest” that keeps growing, according to Veracode’s 2025 State of Software Security report. Researchers analyzed data from more than 1.3 million applications and 126 million security findings. Financial institutions perform better than average at preventing severe vulnerabilities, but they are slower to fix them and carry more long-term security debt than most other sectors. 57% of financial sector applications had at least one security flaw during their latest static analysis scan. About 55% contained issues listed in the OWASP Top 10, and 40% were tied to the CWE Top 25 most dangerous software weaknesses. Only 8% of financial applications had high-severity flaws, compared to 16% across all industries. These figures show that financial firms are identifying and preventing critical issues better than most. Yet, progress has stalled since 2021. After several years of improvement, the rate of vulnerable applications has leveled off, suggesting that organizations are struggling to push risk lower.

Full report: Veracode publishes its 2025 State of Software Security report, finds fewer flaws appear in new code, but old ones linger longer.

For more see the OODA Company Profile on Veracode.
