This is first CRASH* Report describing a distribution of security weaknesses from the Common Weakness Enumeration (CWEs) Repository across a global sample of business applications. The data were drawn from CAST’s Appmarq Repository which is the world’s largest repository of structural quality data on business applications. The report provides empirical evidence on factors affecting the density of security weaknesses.