According to code-testing vendor Veracode, the company finds security vulnerabilities in 84 percent of desktop and Web applications when they are submitted for testing the first time. Two-thirds of those applications included cross-site scripting vulnerabilities and one-third had SQL injection vulnerabilities. However, the company notes that the volume of bugs overall has gone down.
“When you look at the trend of SQL injection, in particular, over our entire dataset over the past three years, quarter by quarter it’s trending downwards, which means people are becoming aware of this problem and fixing these applications,” said Veracode’s Chris Wysopal.
The report also found that 40 percent of Android applications had security vulnerabilities.