Veracode
A Veracode Case Study
A global bank facing mounting post‑breach regulatory and business pressures moved from a decentralized, ad hoc approach to a mandated, enterprise‑wide application security program. Leadership required speed, scale and lower costs—covering hundreds of internally developed, outsourced and commercial applications across multiple development teams and six major outsourcing partners—while shifting testing earlier in the SDLC and meeting PCI, SOX, MAS and other regulations.
The bank adopted Veracode’s cloud platform and programmatic services—using APIs, centralized policies, automated onboarding, remediation coaching, software composition analysis and a Vendor Application Security Testing (VAST) process for third‑party software. The results were dramatic: testing accelerated (200 apps in six months vs. a 40‑app pilot goal), 750+ apps analyzed in two years, nearly 500 brought into compliance, remediation of more than 2,000 high vulnerabilities in 12 months, compliance up from 30% to 64%, and the cost to identify an exploitable vulnerability fell from €500 to €7.
Multi-National Banking Corporation