Wednesday, October 27, 2010

VERACODE State of Software Security Report - Vol 2

Veracode’s State of Software Security is the first report of its kind to provide security intelligence derived from multiple testing methodologies (static, dynamic, and manual) on the full spectrum of application types (components, shared libraries, web, and non-web applications) and programming languages (including Java, C/C++, and .NET) from every part of the software supply chain on which organizations depend. It represents intelligence gleaned from analyzing billions of lines of code submitted to Veracode for independent verification of software security from more than 15 industries.


Executive Summary
The following are some of the most significant findings in the State of Software Security Volume 2, representing 2,922 applications assessed in the last 18 months by Veracode SecurityReview®, a cloud-based application risk management services platform.

  1. More than half of all software failed to meet an acceptable level of security and 8 out of 10 web applications failed to comply with the OWASP Top 10.
  2. Cross-site Scripting remains the most prevalent of all vulnerabilities.
  3. Third-party applications were found to have the lowest security quality.
  4. Developers repaired security vulnerabilities quickly.
  5. Suppliers of Cloud/Web applications were the most requested third-party assessments.
  6. No single method of application security testing is adequate by itself.
  7. The security quality of applications from Banks, Insurance, and Financial Services industries was not commensurate with their business criticality.

Volume 2 (36 Pages) - September 22nd, 2010
Download: VERACODE State of Software Security Report - Vol 2 (English)

Download: State of Software Security Report Volume 1 (English)
