This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.