Addressing the Threat of Security Debt
State of Software Security 2024
Veracode State of Software Security 2024

Letter from the Editor

Artificial Intelligence (AI) wasn't born last year, but 2023 was its coming-of-age party. The proliferation of AI-generated code brings with it insecure code at scale and the likelihood of it becoming security debt. Research indicates that code developed by AI contains about the same percentage of security flaws as that generated by humans. Other research suggests that programmers with a variety of experience levels fail to identify incorrect ChatGPT answers more than a third of the time. While AI allows more code to be written more quickly, it does not deliver more secure code. The result is more risk introduced into your code base in the same amount of time.

The regulatory landscape has also evolved in the past year, with the US White House Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, the European Union's Cyber Resilience Act, and the US Security and Exchange Commission's Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies all coming into effect.

It's within this context that we explored Veracode's 18 years of data to answer questions about the accumulation of risk associated with insecure code. It's not news that applications contain security flaws, but we are excited to share insights on where, how, and why flaws persist over time.

In this year's report, our 14th, we do a deep dive into the distribution of security debt within applications, across industries and languages. We also continue the conversation that we began in last year's report regarding risks associated with how developers choose open-source libraries for th