Very useful reading for anybody interested in the state of software security.
One thing that struck me was the actual download process. To download the report, you have to register, giving your contact details. Fair enough, Veracode wants to see who is reading their reports. However, a few security-related thoughts on this process:
- The registration process does not use SSL, so my contact details travel in clear text.
- The information is posted to:
- Who is Marketo? I can see no privacy statement to say what happens to my contact details.
I have to ask myself whether I am over the top. Maybe, then again...