It's here! Data junkies rejoice!
Today we're proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months. After lots of number crunching and a fair amount of head scratching, we've unearthed some intriguing findings that reflect the progress (or lack thereof) being made in securing the world's software.
Not convinced yet? Here are a few of the data points I found particularly interesting:
- Over the past 8 quarters, the prevalence of SQL Injection (% of web apps affected) has decreased slightly, but XSS has remained flat.
- Security products perform worse than most other software suppliers in terms of acceptable security quality on first submission.
- Over half of developers who take our Application Security Fundamentals exam receive a grade of C or lower.
- Security quality scores are similar for companies across all revenue brackets, and there is no discernible difference between public and private companies.
And there's a lot more where that came from. Plus histograms, whisker plots, linear regressions, and more! Download the full report to get all the juicy details, then come back here and tell us what you think. Enjoy!