State of Software Security Report
Volume 5

For the past 5 years, Veracode has examined trends associated with exploitable vulnerabilities in enterprise applications.

This report draws on continuously updated information from Veracode’s cloud-based platform, representing a wide range of:

  • Application types (web, mobile, non-web)
  • Programming languages (Java, C/C++, .NET, PHP, ColdFusion)
  • Security testing methodologies (static binary, dynamic and manual).


Based on tens of thousands of applications assessed by Veracode's cloud-based platform, this report describes key findings such as:

  • 87% of web applications fail the OWASP Top 10
  • 69% of non-web applications fail the CVE/SANS Top 25
  • Information leakage and encryption issues are among the top vulnerabilities found for mobile apps (Android, iOS, BlackBerry)

Veracode’s cloud-based service is a simpler and more scalable way to reduce application-layer risk across your entire global software infrastructure — including web, mobile and third-party applications — without hiring more consultants or installing more servers and tools. With Veracode's smart approach to application security, you can drive your innovations to market faster — without sacrificing security in the process.