Dr Bill Curtis, the chief scientist at CAST, said: “We found that overall, organisations are taking application security quite seriously. However, there are clear outliers to this broad finding that put companies and their customers at significant risk.”

He added: “Without a clear understanding of existing application security vulnerabilities, organisations are not addressing some of the biggest software risks that pose a threat to their business.”

The telecommunications sector also performed poorly compared to other areas of industry. The IT consulting sector also ranked quite high for errors.

Some of the worst code was written with Microsoft’s .NET framework, although applications developed in Java that were released more than six times per year had the very highest CWE densities.

The manufacturing, energy, and pharmaceuticals sectors had the least vulnerable code.
