Mon Sep 23 15:10:00 UTC 2024: ## EMEA Organizations Face Critical Security Debt, Veracode Research Finds
**London, UK – [Date]** – A new report from Veracode, a leading application security platform, reveals a concerning trend in EMEA: **68 percent of organizations have accumulated security debt**, with **46 percent harboring high-severity persistent flaws** considered “critical” security debt. These critical flaws represent the highest risk to applications and pose a significant threat to organizations’ cybersecurity posture.
The report, titled “State of Software Security 2024,” highlights the dangers of neglecting security vulnerabilities, which can accumulate over time due to resource constraints and prioritization challenges. “Security debt, defined as unfixed software flaws for over a year, is a ticking time bomb,” stated Chris Eng, Veracode’s Chief Research Officer. “Organizations need to prioritize remediation of critical security debt, as these flaws present the most significant risk.”
The research revealed that **EMEA organizations take an average of 19 months to remediate flaws in third-party code** using manual methods, compared to nine months for first-party code. This underscores the need for efficient and effective solutions to tackle the growing security debt.
**AI-powered remediation tools** are emerging as a crucial solution, helping developers and security teams automate vulnerability fixes. “Veracode Fix, our AI-powered remediation solution, has slashed fix times for common vulnerabilities from days to minutes,” Eng explained. “This significantly enhances developer productivity and allows organizations to address security debt more efficiently.”
The report also found that **84 percent of overall security debt stems from first-party code**, while **80 percent of critical security debt originates from third-party code**, which can be equally dangerous but often overlooked. This highlights the importance of managing security risks across the entire software supply chain.
**Recommendations for organizations include:**
* **Prioritize fixing critical security debt first.**
* **Leverage AI-powered remediation tools to accelerate vulnerability patching.**
* **Implement Application Security Posture Management (ASPM) tools** for continuous risk tracking and prioritization.
“Security leaders and developers need to be proactive in addressing security debt,” Eng emphasized. “By focusing on the most critical vulnerabilities and utilizing AI-powered solutions, organizations can significantly strengthen their security posture and mitigate the risk of breaches.”
**The full “State of Software Security 2024” report is available for download on the Veracode website.**
First Piper 