SOURCE: Veracode


September 30, 2014 08:00 ET

4.5 Million Web and Mobile Applications to Remain Vulnerable at Global 2000 Companies

Study Reveals That Attack Surface Continues to Grow as App Portfolios Expand and 70 Percent of Apps Neglected for Security

BURLINGTON, MA--(Marketwired - Sep 30, 2014) - Veracode, a leader in protecting modern enterprises from today's pervasive web and mobile application threats, today announced that research conducted by IDG reveals there is a growing gap in application security programs at enterprises in the US and UK. The data shows that in 2015 enterprises will leave up to 70 percent of internally developed applications unaudited for common threats such as SQL injection. This means that the attack surface at Global 2000 firms will increase to an estimated 4.5 million web and mobile applications, based on the average number of applications produced by enterprises.

Recent large-scale breaches at retail organizations have demonstrated that cyber-criminals are using a variety of techniques to penetrate enterprises. Because enterprises have effectively locked down their networks, web and mobile applications are now the path of least resistance. As enterprises continue to produce more applications in order to drive their businesses, their inability to scale current application security programs means only business-critical applications are audited for security. This leaves a significant number of web and mobile applications vulnerable, creating long-term security threats as cyber-criminals attack the path of least resistance into an IT infrastructure, without regard to whether the application is business-critical or a little-used web site.

"In order to close this gap, enterprises need a new and more scalable approach to application security that allows organizations to mature their programs with consistent enterprise-wide policies and metrics," said Pejman Pourmousa, director of security program management, Veracode. "Using an automated cloud-based service makes it possible for enterprises to keep pace with the speed of innovation without sacrificing security."

Veracode's cloud-based service offers an alternative to legacy, on-premises approaches. Because it is simpler and more scalable, the Veracode service will allow enterprises to close the growing application security gap, reducing risk at their organizations.

The IDG study asked executives at large enterprises about their application security programs and practices. The purpose of this study was to gain a better understanding of the enterprise application security environment, particularly for internally developed applications. The study also forecasted future application development, changes to security budgets, and application security vulnerabilities.

About Veracode
Veracode delivers the most widely used cloud-based service for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-criminals can find and exploit them, Veracode helps enterprises deliver innovation to market faster -- without sacrificing security.

Veracode's powerful cloud-based platform, deep security expertise and programmatic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode secures hundreds of the world's largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world's top 100 brands. Learn more at, on the Veracode blog and on Twitter.

Contact Information

  • Media Contact:
    Bill Bode
    Highwire PR
    415-963-4174, x49