The US government sector is markedly worse than private industry at eliminating a range of common but serious flaws from software code, an analysis of real applications submitted for review to testing company Veracode has found.

The company found that 75 percent of government applications (including federal, state and local government) suffered from potentially serious cross-site scripting (XSS) flaws, considerably above the 67 percent for finance and 55 percent for the software industry itself.

Another significant issue, SQL injection, was also high, affecting 40 percent of tested government applications, again above the 30 percent for finance and 29 percent for software. Only on information leakage from applications was government roughly as poor as the finance and software industries, with a prevalence of 66 percent.

The link for this article located at CSO Online is no longer available.