The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together
sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.

The statistics was compiled from web application security assessment projects which were made by the following companies in 2008 (in alphabetic order):

    * Blueinfy
    * Cenzic with Hailstorm
    * DNS with WebInspect
    * Encription Limited
    * HP Application Security Center with WebInspect
    * Positive Technologies with MaxPatrol
    * Veracode with Veracode Security Review
    * WhiteHat Security with WhiteHat Sentinel

The statistics includes data about 12186 sites with 97554 detected vulnerabilities.

http://projects.webappsec.org/Web-Application-Security-Statistics

If you represent an organization that performs vulnerability assessments on websites, particular in those in custom web applications, through a manual or automated process and would like to participate please let us
know. Please contact Sergey Gordeychik (gordey_at_ptsecurity.com).