2025 STATE OF SOFTWARE SECURITY: A NEW VIEW OF MATURITY

Contents

Opening Letter
Executive Summary
    Key Findings
15 Years of Special SoSS
State of Software Security in 2025
    Finding Flaws
    Fixing Flaws
    Fighting Debt
Comparing Software Security Program Performance
    Flaw Prevalence
    Fix Capacity
    Fix Speed
    Debt Prevalence
    Open-Source Debt
Conclusions & Recommendations
Methodology

Opening letter

Our research drives our own software security measures, and this year, in our 15th volume of this report, we seek to discover trends about where the most risk resides and what metrics can be used to gauge progress against it. Plus, we want to compare program performance of leading and lagging organizations using these metrics. The gaps between the top 25% and bottom 25% are fascinating.

Ultimately, realizing progress and maturity in software security requires a risk-based perspective. It takes focusing on the downside risks that matter in your context and the actions that create continuous feedback loops to see and remediate risk in an ongoing fashion. This is easier said than done, so we hope you find the insights and guidance in this report as helpful as we have for improving security posture by adaptively securing mission-critical software in the artificial intelligence (AI) era.

Sincerely,

Niels Tanis, Senior Principal Security Researcher
Sohail Iqbal, Chief Information Security Officer
Chris Wysopal, Chief Security Evangelist

Executive Summary

In 2025, organizations face increasing threats to their software. The exploitation of vulnerabilities as the critical path to initiate a breach “almost tripled (180% increase) in the last year,” according to the Verizon 2024 Data B