April 19, 2011

State of Software Security, Volume 3

It's here! Data junkies rejoice!

Today we're proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months. After lots of number crunching and a fair amount of head scratching, we've unearthed some intriguing findings that reflect the progress (or lack thereof) being made in securing the world's software.

Not convinced yet? Here are a few of the data points I found particularly interesting:

  • Over the past 8 quarters, the prevalence of SQL Injection (% of web apps affected) has decreased slightly, but XSS has remained flat.
  • Security products perform worse than most other software suppliers in terms of acceptable security quality on first submission.
  • Over half of developers who take our Application Security Fundamentals exam receive a grade of C or lower.
  • Security quality scores are similar for companies across all revenue brackets, and there is no discernible difference between public and private companies.

And there's a lot more where that came from. Plus histograms, whisker plots, linear regressions, and more! Download the full report to get all the juicy details, then come back here and tell us what you think. Enjoy!


Chris Eng, Chief Research Officer, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
