A recent report by Veracode found that 70% of applications fail to comply with enterprise security policies - a 10% jump over last year. An earlier report by HP found similarly dismal numbers when it comes to application threats. Major software breaches occur regularly at the highest levels.
At the same time, application security threats are well-known and documented in the industry. The OWASP Top 10 has been around for many years. If developers simply completed a comprehensive set of software security requirements, it would eliminate a high percentage of the most serious application vulnerabilities.
So why are we failing at software security?