Cenzic announced their latest trend Report on Web Application Security for the first half of 2009, the report is based on the analysis performed on the vulnerability reports from various sources such as SecurityFocus, CVE, SANS, USCERT, SecurityTracker, and other third party databases.  


Some key highlights from the report include:

• The biggest surprise was Firefox that had 44% more vulnerabilities than the other browsers. Another surprise was Safari - as it usually contains few vulnerabilities, but came in at 35%; significantly higher than IE, which came in at 15%
• Sun Java, PHP, and Apache continue to be among the Top 10 vendors having the most severe vulnerabilities
• 78% of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX.
• Information Leaks, XSS, Authentication / Authorization and Session Management flaws continue to dominate.

The complete report is available here