Some useful stats to help Software developers: 22,022 security vulnerabilities were disclosed in 2018 and 27% had no known or available fixes

• 47.9% - Web Related
• 27.5% - Access, Authentication
• 67.7% - Improper input validation 
• 33% - severity rating of 7 or above. Nearly one-third of them had public exploits available and more than half were remotely exploitable.

https://www.darkreading.com/vulnerabilities---threats/more-than-22000-vulns-were-disclosed-in-2018-27--without-fixes/d/d-id/1333998