Skip to main content
February 11, 2016

Where do vulnerabilities come from?

I’ll tell you one thing, it isn’t the stork! It’s not the explicit fault of the developers either. Vulnerabilities come from a combination of insecure coding practices, an ever-shifting threat landscape, the use of vulnerable components and code and idiosyncrasies of programming languages. And despite the growing reliance on and risks related to software, these problems persist and vulnerabilities in applications still abound.

Our research found that three out of four applications produced by software vendors fail to meet OWASP Top 10 standards when initially assessed for security. And applications produced in-house don’t fare much better – according to the Veracode State of Software Security report, volume 6, 63 percent of internally developed applications are out of compliance with OWASP Top 10 standards when initially assessed for security. 

The “How do Vulnerabilities Get in Software” guide explains why applications continue to have vulnerabilities despite the increased focus on application security and secure coding practices. 

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro, and Sophos where she held roles in corporate communication and marketing.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.