Developer News -- 'Significant' Security Flaws Uncovered in Many Web Applications
@stake studied 45 e-business applications that were responsible for generating $3.5 billion in revenue for @stake clients. The idea was to find vulnerabilities in the applications themselves, as opposed to surrounding network infrastructure, that could lead to security breaches.

From those 45 applications, @stake found nearly 500 "significant" security defects, with an average of at least 10 per assessment. Seventy percent of the defects were due to design flaws in the applications and nearly half of the most serious flaws could have been caught and fixed in the application design phase.
http://www.internetnews.com/dev-news/article/0,,10_978771,00.html