London 20 & 21st May 2010, Westminster Conference Centre
SoSS Abstract – Volume 1 - 2010
Report: The State of Software Security
The first of its kind, the State of Software Security Report takes a comprehensive look at the global state of software application vulnerabilities based on vulnerability metrics gathered from real-world applications.
This presentation will review the report’s findings derived from continuously updated data collected by Veracode’s cloud-based code analysis service. The anonymized data represents billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers. This is the first vulnerability analytics study of this magnitude that incorporates data from static, dynamic and manual analysis.
The presentation will detail some of the report’s key findings:
· 2/3 of Software Fails: 69% of all business critical applications submitted for verification did not achieve an acceptable security score upon first submission to Veracode for testing.
· Open Source vs. Commercial Software: Debunking the myth that open source software is inherently riskier than commercial software.
· Third Parties are the Achilles’ Heel in the Software Supply Chain: 40% of all software submitted at the request of large enterprises was from third parties…but more than 30% of all internally developed software was also identifiably from third parties.