Risks associated with software today ..
"An application achieves ASVS Level 2 (or Standard) if it adequately defends against most of the risks associated with software today."
Your web applications are only as secure as the underlying OS. If that's insecure then no amount of ASVS will cure it. How about designing an OS that can differenciate between local software and software downloaded from the Internet and don't execute the latter. How about not using an OS that can be compromised by clicking on a malicious weblink or opening an email attachment.
ps: I notice some broken HTML at the top of the page to get some script to run:
html> head> script>var inDapIF true; /script> /head> body> script src "https://tpc.googlesyndication.com/safeframe/1-0-2/js/ext.js"> /script> IFRAME SRC "https://fw.adsafeprotected.com/rjsi/dc/49009/6898563/ddm/adi/N117602.126839THEREGISTER.COM/B9199301.125002745;sz 728x90;click https://adclick.g.doubleclick.net/aclk 253Fsa 253DL 2526ai