Today we're releasing Volume 4 of our semi-annual State of Software Security report. This edition incorporates data from 9,910 application builds (twice as many as last time) analyzed via our cloud-based platform over the past 18 months. In this edition, we also discuss how the threat landscape has evolved during 2011 and how we've adapted our analysis and evaluation criteria to account for those changes. Here are a few of the highlights:
Application security performance declines steeply when the current threat landscape is taken into account in the evaluation criteria
XSS and SQL injection affect a higher proportion of government applications relative to other industry verticals
Greater knowledge of application security -- as derived from eLearning test scores -- is associated with improved security quality scores
Android applications with hard-coded crypto keys are more common than you might expect
Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.