Check out our semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode’s cloud-based application risk management services platform.
It’s here! Data junkies rejoice!
Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months. After lots of number crunching and a fair amount of head scratching, we’ve unearthed some intriguing findings that reflect the progress (or lack thereof) being made in securing the world’s software.
Not convinced yet? Here are a few of the data points I found particularly interesting:
- Over the past 8 quarters, the prevalence of SQL Injection (% of web apps affected) has decreased slightly, but XSS has remained flat.
- Security products perform worse than most other software suppliers in terms of acceptable security quality on first submission.
- Over half of developers who take our Application Security Fundamentals exam receive a grade of C or lower.
- Security quality scores are similar for companies across all revenue brackets, and there is no discernible difference between public and private companies.