Today we're releasing Volume 4 of our semi-annual State of Software Security report. This edition incorporates data from 9,910 application builds (twice as many as last time) analyzed via our cloud-based platform over the past 18 months. In this edition, we also discuss how the threat landscape has evolved during 2011 and how we've adapted our analysis and evaluation criteria to account for those changes. Here are a few of the highlights:
- Application security performance declines steeply when the current threat landscape is taken into account in the evaluation criteria
- XSS and SQL injection affect a higher proportion of government applications relative to other industry verticals
- Greater knowledge of application security -- as derived from eLearning test scores -- is associated with improved security quality scores
- Android applications with hard-coded crypto keys are more common than you might expect
Download the full report, then come back here to discuss!