The State of Software Security is a semi-annual report that draws on continuously updated information in Veracode's cloud-based application risk management services platform. Unlike a survey, the data comes from actual code-level analysis of billions of lines of code and thousands of applications.
The resulting security intelligence cannot be found anywhere else. It represents multiple testing methodologies (static binary, dynamic, and manual) on the full spectrum of application types (components, shared libraries, web and non-web applications) and programming languages (including Java, C/C++, .NET, ColdFusion, and PHP) from every part of the software supply chain (Internally Developed, Open Source, Outsourced, Commercial). For those executives, security and development professionals who want to better understand the vulnerabilities that threaten the integrity and performance of software in the software supply chain, this series of reports is essential reading.