State of Software Security Report
Volume 3

The State of Software Security is a semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode’s cloud-based application risk management services platform.

Download the Report


This volume captures data collected over the past 18 months from the analysis of 4,835 applications on our cloud platform (compared to 2,922 in Volume 2 published in September 2010). This reflects the growing use of independent, cloud-based application security testing services. As before, the report first examines the security quality of applications by supplier type in the software supply chain and then explores application security by language, industry, and application type.


About the profiles, trends, and the State of Software Security from real data from Veracode’s customers. New in Volume 3 are sections on Remediation Analysis, Developer Training and Education, and a deep dive on the Software industry.