WASC Web Application Security Statistics Project
Goals:
1. Identify the prevalence and probability of different vulnerability
classes (WASC TOP 10)
2. Compare testing methodologies against what types of vulnerabilities
they are likely to identify.
http://www.webappsec.org/projects/statistics/
こんなプロジェクトがあったんですね。