Manufacturing and aerospace organizations had the highest OWASP pass rate on latest scan (30.5%) of any of our industry groupings. This could indicate that companies in this sector have application security programs that are more mature than those in other industries. This industry sector also had the lowest proportion of applications undergoing their first assessment (about 39%).
Retail and hospitality organizations ranked second in the rate of improvement in OWASP pass rate compared to 2016, seeing a 9% improvement. This is a positive indicator of maturing AppSec programs in an industry that has been plagued by data breaches in recent years.
A large proportion of tech companies exhibited DevOps behavior, with 2% of applications tested at least daily. Technology organizations had dramatically lower prevalence of major vulnerabilities such as cross-site scripting (8.6%), SQL injection (6.6%), cryptographic issues (16%), and credentials management (10.6%).