Flaws fixed incorrectly, as secure coding education lags
Broken access control and broken object level authorizations vulnerabilities have proven the most difficult to fix, while fixes for command injection and SQL injection flaws are most often incorrect.