Today we're releasing Volume 4 of our semi-annual State of Software Security report. This edition incorporates data from 9,910 application builds (twice as many as last time) analyzed via our cloud-based platform over the past 18 months. In this edition, we also discuss how the threat landscape has evolved during 2011 and how we've adapted our analysis and evaluation criteria to account for those changes. Here are a few of the highlights:

  • Application security performance declines steeply when the current threat landscape is taken into account in the evaluation criteria
  • XSS and SQL injection affect a higher proportion of government applications relative to other industry verticals
  • Greater knowledge of application security -- as derived from eLearning test scores -- is associated with improved security quality scores
  • Android applications with hard-coded crypto keys are more common than you might expect

Download the full report, then come back here to discuss!

About Chris Eng

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
