Cybersecurity Insights with Contrast CISO David Lindner | 02/27/25

Insight #1 - Veracode report: Flaw fix times increase 47% since 2020

Veracode’s 2025 State of Software Security report exposes a troubling trend — flaw fix times have surged 47%, jumping from 171 days in 2020 to 252 days in 2025. 

This staggering delay highlights the failures of outdated SAST tools, proving they can’t keep up with today’s complex software environments. 

Insight #2 - CVE volume increases 65% in 2025

CVE numbers have risen 65.32% in 2025, reaching 4,287 and counting — an average of 138 new vulnerabilities per day.  With an average CVSS score of 6.60, these aren’t minor flaws — they’re serious risks waiting to be exploited. 

Traditional security playbooks and outdated scanning tools are struggling to keep up. Application Detection and Response (ADR) is no longer optional — it’s critical for tackling real time threats.

Source:  Jerry Gamblin  • Principal Engineer at Cisco Threat Detection & Response

Insight #3 - UK’s request for Apple to unlock encrypted data raises security concerns

The UK’s attempt to compel Apple to unlock encrypted data — without informing US intelligence — raises important questions about privacy, government oversight, and global trust. 

This move could set a precedent for future demands on tech companies, putting user security at risk. Transparency is critical to ensuring encryption policies are handled with accountability, not secrecy.