Many companies defining custom policy chose to measure applications against PCI: Over 40 percent of public companies that defined a custom policy chose to measure their applications against PCI or the OWASP Top 10 standard, which underpins PCI. The main focus is on the vulnerabilities that are most frequently exploited, such as SQL injection and cross-site scripting.
This Study of Software Related Cybersecurity Risks in Public Companies captures data collected from 126 public companies over the past 18 months, drawn from applications that were submitted to Veracode’s cloud-based application security testing platform. These applications include both those developed internally and those procured from third-party vendors.
One of the goals of the State of Software Security Report is to create greater awareness and security intelligence about the risks of unknown vulnerabilities lurking in everyday applications. The results are aimed at creating a greater sense of urgency around the problem of insecure software, while also giving organisations the information they need to quickly take action. Veracode also emphasises the ease with which organisations can incorporate software testing into current development cycles.
Download the Report
Veracode’s Study of Software Related Cybersecurity Risks in Public Companies examines additional software security topics in the context of application threat space trends, including details on the most commonly exploited vulnerabilities, risks associated with public company software applications, and the factors driving application security policies in public companies. For complete report findings, download a copy of the report by visiting: http://www.veracode.com/soss