State of Software Security Report
Volume 4

The State of Software Security is a semi-annual report that draws on continuously updated information in Veracode’s cloud-based application risk management services platform. Unlike a survey, the data comes from actual code-level analysis of billions of lines of code representing thousands of applications.



This volume captures data collected over the past 18 months from the analysis of 9,910 application builds on our cloud platform (compared to 4,835 application builds in Volume 3 published in April 2011). This reflects the growing use of independent, cloud-based application security testing services. As before, the report first examines the security quality of applications by supplier type in the software supply chain and then explores application security by language, industry, and application type (including mobile).


About the profiles, trends, and the State of Software Security from real data from Veracode’s customers December 2011. New in Volume 4 are sections on Android application analysis, vulnerability prevalence viewed through the lens of the threat space (i.e., the most frequently exploited vulnerabilities), and a comparative analysis of the Government sector relative to other industries and the overall dataset.