In financial services, application security risk is becoming a long game. Fewer flaws appear in new code, but old ones linger longer, creating a kind of software “interest” that keeps growing, according to Veracode’s 2025 State of Software Security report.
Researchers analyzed data from more than 1.3 million applications and 126 million security findings. Financial institutions perform better than average at preventing severe vulnerabilities, but they are slower to fix them and carry more long-term security debt than most other sectors.
Fewer flaws, but a plateau in progress
57% of financial sector applications had at least one security flaw during their latest static analysis scan. About 55% contained issues listed in…