Here’s something else to keep you up at night: Most of today’s scanning tools can’t detect software backdoor programs that can be inserted during the development process. Researchers at Veracode have identified several different forms of these backdoor programs. Some are inserted purposely by the developer for debugging reasons and can inadvertently put the app at risk; others can be easily sneaked into applications by malicious coders or attackers. Fortify Software researchers dub the malicious form of this threat “cross-build injection,” where vulnerabilities and malware such as backdoors are tucked into code during the software development process.

Veracode today also announced that it has added new features to its SecurityReview application security scanning service that detect some of these backdoor programs, which can sit quietly and invisibly in an application without your knowledge, leaving the door unlocked for an attacker to take over your machines.