Cross-industry benchmarking report shows prevalence of CWE densities
CAST announced the findings from its global benchmarking report on the state of software security. The CRASH Report on Application Security reveals software that is vulnerable to exploit based on an application’s Common Weakness Enumeration (CWE) density.
“We found that overall, organizations are taking application security quite seriously. However, there are clear outliers to this broad finding that put companies and their customers at significant risk,” said Dr. Bill Curtis, SVP and Chief Scientist at CAST Research Labs. “Without a clear understanding of existing application security vulnerabilities, organizations are not addressing some of the biggest software risks that pose a threat to their business.”
Based on contextual software analysis, the CAST Research on Application Software Health reveals how teams can better protect against hackers or disgruntled employees who manage to penetrate network security measures. Key findings from the report include:
CWE density is not related to application size.
Financial Services and Telecommunications have the highest CWE densities compared to other industries.
Applications developed using .NET have higher CWE densities and produce some of the poorest software quality overall.
Neither source nor shore impact CWE densities across application portfolios.
Java applications released more than six times per year have the highest CWE densities.