But that doesn’t explain why so much software is full of the most basic errors.
According to a report released this month by Veracode, 61 percent of all internally-developed applications failed a basic test of compliance with the OWASP Top 10 list on their first pass. And commercially developed software did even worse, with a 75 percent failure rate.
These are basic, well-known problems, like SQL injections and cross-site scripting.
Read full article at CSO magazine.
Article also reprinted in Computerworld.