December 20, 2020 08:34 am
Report: PHP, C, Java, and
Application-security company Veracode "has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems," reports TechRepublic. The top three security flaws — like last year — are still information leakage, cryptographic issues, and CRLF injection:The report found a full 76% of apps contained flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame... In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range. Despite that good sign, it's still taking an average of six months to close half of discovered flaws... Veracode also released a heatmap of the worst bugs in the most popular languages. Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP. Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security. Following PHP is C++, then Java, .Net, JavaScript, and Python. The latter two are, doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps. Compared to PHP with 74.6% of its apps vulnerable to cross-site scripting, JavaScript and Python are security powerhouses.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/psNIVeRY6Lk/report-php-c-java-and-net-applications-are-the-most-frequently-flawed
Report: PHP, C, Java, and .NET Applications are the Most Frequently Flawed
Application-security company Veracode "has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems," reports TechRepublic. The top three security flaws — like last year — are still information leakage, cryptographic issues, and CRLF injection:The report found a full 76% of apps contained flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame... In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range. Despite that good sign, it's still taking an average of six months to close half of discovered flaws... Veracode also released a heatmap of the worst bugs in the most popular languages. Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP. Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security. Following PHP is C++, then Java, .Net, JavaScript, and Python. The latter two are, doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps. Compared to PHP with 74.6% of its apps vulnerable to cross-site scripting, JavaScript and Python are security powerhouses. Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/psNIVeRY6Lk/report-php-c-java-and-net-applications-are-the-most-frequently-flawed
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot