State of Software Security

SUMMARY

This report on the state of software security finds that applications written in web scripting languages show a higher prevalence of vulnerabilities such as SQL injection and Cross-Site Scripting than applications written in .NET or Java.

According to the study, mobile applications had the highest rate of cryptographic issues: nearly 90% for Android and 80% for iOS.

The report explains that development organizations that take advantage of eLearning see an improvement in fix rate compared to other companies. This may be correlative, though, since eLearning use is usually linked to other success strategies (the use of centralized policies or remediation coaching).

Another of the study's key findings is that the choice of assessment types can also make a difference in finding solutions. No single assessment technology is enough to secure an application. However, the importance of knowing each tool's strengths and weaknesses when it comes to fixing software vulnerabilities should not be underestimated.

Report download requires free registration on publisher’s website.

 

OUTLINE

Introduction by Chris Wysopal, CTO, CISO and Co-Founder, Veracode

Executive Summary

Application Development Landscape 

Programming language distribution 

Policy compliance by programming language 

Top 10 vulnerability categories by programming language 

Comparison of critical vulnerability types

Security Assessment Types 

Remediation Analysis

Developer education

Type of application security analysis

Appendix 

About the dataset

Flaw density by programming language

DETAILS

Overview

Researchfinder Rating: 4 out of 5 stars
Title: State of Software Security
Region: Global
Published: March 1, 2018
Publisher: Veracode
Price: FREE
Language: ENGLISH

Content

Number of Pages: 20
Number of Tables: 10
Number of Exhibits: 0
Topics: security, software
Tags: application security, eLearning, global, mobile, mobile security, security, software, software security, Veracode
Companies mentioned: Microsoft
Methodology: The data represents 208,670 application assessments submitted from October 1, 2013 through March 31, 2015 by large and small companies, commercial software suppliers, open source projects and software outsourcers.

EVALUATION

This is an in-depth and highly technical report about the state of software security.

Positives:

  • Great analysis of the differences in the percentage of applications affected by key vulnerabilities depending on the programming language chosen
  • Great table comparing the key vulnerability categories: cryptographic issues, SQL injection, Cross-Site Scripting and command injection
  • Good tables and graphics

 
