HP's 2011 "Top Cyber-Security Risks Report" found that the number of security vulnerabilities in commercial software declined from 8,502 in 2010 to 6,843 in 2011, nearly a 20 percent drop. However, that doesn't mean security risks are also declining. That's because hackers are becoming more sophisticated and because the number of high-risk vulnerabilities, those that need to be patched immediately to prevent attacks, actually increased 7 percent. "The ones that are out there are particularly nasty," said HP's Jennifer Lake.
The company encouraged software developers to begin addressing security concerns early in an application's lifecycle. "Application security has been a pervasive need because applications are pervasive," said HP's Mark Painter. "They're everywhere. … Security needs to be a process. It needs to be baked in, not just brushed on."