Veracode：2024年度全球软件安全状况报告：应对安全债务威胁（英文版）

We know that the majority of applications have flaws, but are we talking more like ten or a ton? We use a metric called flaw density for this, because it normalizes for applications of different sizes. In short, flaw density tallies the number of flaws per MB of code identified in testing each application. On average, a typical application has 42 flaws for every 1 MB of code. That seemed odd to us, so we asked Deep Thought to crunch the numbers. It took a while, but 42 was indeed verified to