Why does software have vulnerabilities?

Authors:

  • Henrik Karlzén
  • Daniel Eidenskog
  • Jerry Falkcrona
  • Christian Valassi

Publish date: 2023-12-13

Report number: FOI-R--5550--SE

Pages: 44

Written in: Swedish

Keywords:

  • software
  • software development
  • software security
  • cyber security
  • vulnerabilities

Abstract

Despite decades of research and development in software security, vulnerabilities continue to emerge in large quantities. This prestudy provides an overview of research and other literature that investigates the reasons behind the occurrence of vulnerabilities in software. The aim of the study is to support understanding of the factors behind the occurrence of vulnerabilities and thus aid in avoiding them. Vulnerabilities occur in practically all software, and there are many diverse types of vulnerabilities. The causes of the vulnerabilities are many and include, among others, organizational factors, insecure programming languages, tools that are hard to use or inadequate, flawed development methods, lack of motivation among developers, and lack of security knowledge. The challenge in preventing software vulnerabilities is thus not only technical; it is also important to account for the human factor. Despite a significant amount of research already performed to identify the potential factors behind the occurrence of software vulnerabilities, the same types of vulnerabilities are still being reported. This indicates that much research on the causes of vulnerabilities remains to be done. This report identifies a number of suggestions for further research.