The State of Software Security is a semi-annual report that draws on continuously updated information in Veracode’s cloud-based application risk management services platform. Unlike a survey, the data comes from actual code-level analysis of billions of lines of code and thousands of applications.
The resulting security intelligence cannot be found anywhere else. It represents multiple testing methodologies (static binary, dynamic, and manual) on the full spectrum of application types (components, shared libraries, web and non-web applications) and programming languages (including Java, C/C++, .NET, ColdFusion, and PHP) from every part of the software supply chain (Internally Developed, Open Source, Outsourced, Commercial). For executives, security professionals, and development professionals who want to better understand the vulnerabilities that threaten the integrity and performance of software in the software supply chain, this series of reports is essential reading.
In Volume 2 of the State of Software Security there are nearly 1,400 more applications than in the inaugural report, reflecting the growing use of independent, cloud-based application risk management services. As before, the report first examines the security quality of applications by type of supplier in the software supply chain and then explores application security by language, industry, and by application type across both web and non-web applications.
New in Volume 2 are data from third-party assessments, the first inclusion of PHP and ColdFusion applications, a comparison of static binary, dynamic, and manual testing effectiveness, and additional analytics on Financial industry applications.