Veracode, the global leader in application risk management, today reinforced its position as the pioneer in holistic software security from code to cloud. Globally recognized as leading the transition from Application Security to Application Risk Management (ARM), Veracode delivers measurable returns on security investment for thousands of organizations across industries including finance, healthcare, retail, and the public sector. As AI adoption accelerates and open-source dependency soars, organizations face mounting threats that outpace traditional point-in-time controls. More than three quarters of organizations fell victim to cyberattacks over the past year. With the average time to fix security flaws now at 252 days, enterprises cannot afford to expose themselves to risk that has the potential to cripple their infrastructure. “We are operating in the most dangerous time for software security,” said Brian Roche, Veracode CEO. “Developers work faster than ever, which means vulnerabilities—if unchecked—can reach production at an unprecedented speed. Today, every line of code—whether written by developers, sourced from open-source libraries, or generated by AI—represents a potential risk that requires continuous defense.” Veracode’s State of Software Security 2025 report reveals half of organizations harbor critical security debt—vulnerabilities left unfixed for longer than a year. The company’s latest research found AI introduces security vulnerabilities 45 percent of the time. Supply chain attacks have surged more than 1,300 percent in the past three years, frequently originating from malicious or compromised open-source packages.

Full report : With AI Expanding the Attack Surface, Veracode Delivers “Always-on” Security With Proper Risk Management Strategies.

For more see the OODA Company Profile on Veracode.