The third State of Software Security (SOSS) report finds that software developers are still doing a poor job of making applications secure. Problems such as SQL injection and cross-site scripting vulnerabilities are still tripping up many of the applications that Veracode tested. Financial services firms generally did a better job than other industries when it comes to application security, the report found. The report, the third of its kind, analyzed the outcome of 4835 application audits by Veracode. Three quarters of those were Web applications, with half written in Java and 30% in .NET.
Source: https://threatpost.com/report-application-security-still-mostly-sucks-041911/75144/

