More than 4 out of 5 (83%) of applications had at least one flaw, up from 72% 10 years ago. Two-thirds of all applications Veracode scanned had flaws considered to be critical by industry standards. Two out of three applications failed to pass policy compliance tests based on the OWASP Top 10 security risks and the CWE/SANS Top 25 Most Dangerous Software Errors. Two approaches work well: security training for developers and providing them with feedback in the development environment where they can address issues as they crop up.”]
Source: https://www.csoonline.com/article/3536674/how-to-prioritize-application-security-flaws.html