Which vulnerability do you fix first, the quickest one to fix or the one that can cause the most damage?
With the publication of the seventh ‘State of Software Security’ report from Veracode this week, some organisations seem to be adopting an ‘Animal Farm’ mindset to AppSec. All vulnerabilities might not be equal, but there could be danger in giving more credence to certain vulnerability types that might come back and bite them on the ass.
The Veracode ‘State of Software Security’ report suggests that, among ‘severe vulnerability types’, XSS vulnerabilities are the most frequently occurring and SQLi the most common (and both are indeed the most reported by the media), yet they are actually far from being the most common vulnerabilities overall.