The problem is that software applications can contain thousands of lines of code, and it only takes one vulnerability to give an attacker the leverage he needs. For example, SQL injection attacks might be "old news," but Veracode says 30 percent of security breaches this year will be due to SQL injection. Would-be hackers can find instructions on the web for launching such attacks.
A recent report from Cenzic says 99 percent of tested applications contain at least one serious flaw, with a median of 13 bugs per app.
Take heart, though. There is some good news. Check out the post over on darkreading.com to find out more:
The Long Road to Secure Applications