Companies have increased the cadence of application-security testing, with triple the number of applications scanned and 20 times more scans per application. The half-life of flaws in third-party libraries is three times faster than three months after disclosure. Developers are moving in the right direction, but they still have a long way to go, says Chris Eng, chief research officer at Veracode. The most common flaws discovered by static analysis were CRLF injection, information leakage, and cryptographic issues.