ABSTRACT

Research data consistently show that commercial software applications are not significantly more secure than internally developed ones. This observation is independent of the specific industry vertical. Commercial software had a 9% lower OWASP pass rate than internally developed software, possibly because of the broader mix of software languages used for commercial software and the age of the code base.