Saturday, October 2, 2010

State of Software Security

Veracode, an application security testing company, has published a report on the findings from its assessments. The report covers 2,922 applications assessed by Veracode in the last 18 months. Some of its observations are below.

  • More than half of all software failed to meet an acceptable level of security and 8 out of 10 web applications failed to comply with the OWASP Top 10
  • Cross-site Scripting remains the most prevalent of all vulnerabilities
  • No single method of application security testing is adequate by itself
  • The security quality of applications from Banks, Insurance, and Financial Services industries was not commensurate with their business criticality

The complete report is available here.