Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles. 2026 findings against the 2025 baseline (Source: Veracode) The analysis spans 1.6 million unique applications that underwent static analysis, dynamic analysis, software composition analysis, and manual penetration testing through Veracode’s platform. The scope covers commercial software suppliers, outsourcers, and open source … More → The post Security debt is becoming a governance issue for CISOs appeared first on Help Net Security.