I’ll tell you one thing, it isn’t the stork! It’s not the explicit fault of the developers either. Vulnerabilities come from a combination of insecure coding practices, an ever-shifting threat landscape, the use of vulnerable components and code and idiosyncrasies of programming languages. And despite the growing reliance on and risks related to software, these problems persist and vulnerabilities in applications still abound.
Our research found that three out of four applications produced by software vendors fail to meet OWASP Top 10 standards when initially assessed for security. And applications produced in-house don’t fare much better – according to the CA Veracode State of Software Security report, volume 6, 63 percent of internally developed applications are out of compliance with OWASP Top 10 standards when initially assessed for security.
The “How do Vulnerabilities Get in Software” guide explains why applications continue to have vulnerabilities despite the increased focus on application security and secure coding practices.