March 1, DarkReading – (International) State of application security: nearly 60 percent of Apps fail first security test. Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software. Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing. “The degree of failure to meet acceptable standards on first submission is astounding - and this is coming from folks who care enough to submit their software to our [application security testing] services,” said the senior vice president of marketing for Veracode. “The implication here is that more than half of all applications are susceptible to the kinds of vulnerabilities we saw at Heartland, Google, DoD, and others - these were all application-layer attacks.” The data for Veracode’s State of Software Security Report comes from a combination of static, dynamic, and manual testing of all types of software across multiple programming languages - everything from non-Web and Web applications to components and shared libraries. Veracode tests commercial, internally developed, open-source, and outsourced applications, all of which were represented in its findings. And nearly 90 percent of internally developed applications contained vulnerabilities in the SANS Top 25 and OWASP Top 10 lists of most common programming errors and flaws in the first round of tests, the vice president said. Source:
http://www.darkreading.com/vulnerabilit ... psecurity/showArticle.jhtml?articleID=223100875