Financial services organizations face a critical application security paradox: while more applications are achieving secure-by-design benchmarks against the OWASP Top 10, the time required to remediate discovered flaws has increased dramatically over the past 15 years.

As development cycles accelerate and applications grow larger and more complex, security debt - unresolved vulnerabilities over a year old - has become endemic across the industry, with critical flaws disproportionately concentrated in open-source dependencies.

This session, led by Chris Wysopal, chief security evangelist at Veracode, will cover:

• The growing gap between vulnerability discovery and remediation;
• Generative AI code security findings: vulnerability rates across major LLMs and programming languages, and why AI tools have not improved over two years;
• Fixed capacity as a key metric: how organizations without security debt differ from those carrying long-term vulnerabilities.