Cyber attacks are increasingly targeting software vulnerabilities at the application layer. Vulnerabilities at this layer are well-known, for example OWASP publishes a list of common weaknesses, calledthe OWASP top ten. Addressing the vulnerabilities at the application layer is difficult however: Software at this layer is complex, and the security ultimately depends on the many software developers and software development firms who write web applications, apps, addons, libraries, and so on.
- Secure software engineering initiatives stocktaking: In 2011 we published an overview of different initiatives in the area of Secure software engineering Secure Software Engineering Initiatives.
- Secure App Development: In collaboration with OWASP (OWASP's Mobile Security project), ENISA addressed the lack of security guidelines for developers of smartphone apps with the report Smartphone Secure Development Guidelines.