You just read:

Coverity at RSA 2013: Why SQL Injection and Cross-Site Scripting Issues are Hard to Fix

News provided by

Coverity

Feb 19, 2013, 09:00 EST