Report Finds Major Security Flaws in 8 out of 10 Applications
A report by security firm Veracode made the news this week with a claim that more than 80 percent of the 10,000 applications it examined failed its security tests. Fewer than 60 percent of applications failed similar tests in April. According to coverage in eWeek, the drastic increase in failed tests is due to Veracode's stricter testing and its newly instituted "'zero-tolerance policy' for cross-site scripting and SQL injection flaws."
The Register notes the report's discovery that "mobile developers tend to make similar mistakes to enterprise developers, such as the use of hard-coded cryptographic keys," with more than 40 percent of tested Android applications failing this test. Forty is also the magic number for government applications, where forty percent of tested applications showed signs of SQL injection issues.
Meanwhile, according to a story in Wired, commercial applications are subject to other flaws, including "buffer overflow and management issues."
But it's not all doom and gloom. The Register also notes that "more than 80 percent of the apps that flunked Veracode's tests at the first attempt were successfully modified to make a passing grade within one week."
What's your reaction to these numbers? Based on your experiences, are Veracode's results surprising or typical? And, perhaps most importantly, what can we do about it?