writes "New research from security firm Veracode found 40% of government Web sites were found to contain SQL injection vulnerabilities on their first scan, compared with 29% of Web sites for financial-sector firms and 30% of software vertical sites. Overall, the prevalence of SQL injection holes declined from the same period six months ago, Veracode found, though that wasn't the case with government sites.
The story was even more grim with cross site scripting vulnerabilities. Seventy five percent of the government Web sites Veracode tested had cross site scripting holes on their first try. Finance sites faired only slightly better: 67% contained at least one cross site scripting hole and 55% of software industry Web sites."Link to Original Source