The problem that jumps out at me is that SQL injection has been on this list for the better part of a decade. Why does this continue to be the case? Well, there are contributing factors to be certain.