Key Findings
Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.
Veracode · State of Software Security · Oct 29, 2025
Open-source Vulnerabilities · Vulnerabilities · remediation · security debt
63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.
Veracode · State of Software Security · Oct 29, 2025
Open-source Vulnerabilities · Vulnerabilities · security debt
Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.
Veracode · State of Software Security · Oct 29, 2025
Open-source Vulnerabilities · Vulnerabilities · remediation
77% of financial services organizations reported accruing some level of security debt.
Veracode · State of Software Security · Oct 29, 2025
Open-source Vulnerabilities · Vulnerabilities · security debt
The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.
Veracode · State of Software Security · Oct 29, 2025
Open-source Vulnerabilities · Vulnerabilities