Two recent surveys have shed light on pervasive security problems in applications. A CAST survey found that companies have $3.6 million of technical debt that needs to be addressed, and that the problems are particularly common among Java applications. A separate study by Veracode found that 80 percent of applications studied did not meet its criteria for secure applications, with a high percentage of the Web apps studied having cross-site scripting and SQL injection vulnerabilities.
Analyst Neil MacDonald of Gartner said that better training and better processes could help avoid some vulnerabilities. However, he admitted, “It is hard to change processes and developers. It requires a combination of people change, process change and technology change.”