Hi all,

I'm looking for published reports on software vulnerabilities with regard to the software development process. With a bit of googling, I've found some good starting points (e.g., www.securitytracker.com/learn/securitytracker-stats-2002.pdf) that provide stats on vulnerabilities by type. I'm particularly interested in stats that provide insight into where in the software development process the vulnerabilities were introduced.

Anyone have some good citations to share?

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com
