A look at software application security, courtesy of Veracode.
A look at the state of software security.
Veracode has published a report on software application security, finding that 69% of applications have at least one OWASP Top 10 flaw.
Comparing flaws by language.
Around four out of five programs written in .NET and Java have at least one flaw, while just over half of JavaScript applications contain a flaw:
“The choice of programming language has an effect on the types of flaws that are most commonly introduced, and it affects the ecosystem of libraries and third-party software. Slowing down and taking a look at this reality is useful for those individuals or organizations that wish to prioritize their training to know what the most common flaws are, and how they might be introduced. This basic awareness can influence code as it is being written — the best time to avoid introducing a flaw that could hang around throughout the lifecycle of an application.”
The researchers add, “Even though JavaScript is the top performing language of the three we’re exploring, applications in JavaScript are written by humans, and those humans are just as prone to introducing flaws (of any severity) as any other. When JavaScript developers do introduce certain CWEs they introduce a lot of them as well — a whole lot.”