Software vulnerabilities are on the decline, but that's no reason to relax


Software vulnerabilities are on the decline, but businesses still need to be extremely vigilant when building code, new research has claimed.

A report from the Synopsys Cybersecurity Research Center took three years of data on web apps, mobile apps, network systems, and source code, where the researchers probed the apps the same way malicious actors would, combining multiple security testing techniques (penetration testing, dynamic application security testing, mobile application security testing, and network security testing).

The results show a significant decline in the share of tests that turned up vulnerabilities - from 97% in 2020 to 83% in 2022. Synopsys describes the findings as “an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors.”

High-severity flaws on the decline, too

However, the researchers also concluded that businesses must not rely on a single security testing solution, otherwise they’re risking missing important flaws: “For example, server misconfigurations represented an average of 18% of the total vulnerabilities found in the three years of tests. Without a multilayered security approach that combines SAST to identify coding flaws, DAST to examine running applications, SCA to identify vulnerabilities introduced by third-party components, and penetration testing to identify issues that might have been missed by internal testing, these types of vulnerabilities will likely go unchecked.”

There is more good news in the report, however: high-severity vulnerabilities are becoming less common. On average, over the past three years, 92% of the tests identified some kind of vulnerability, but only 27% of those tests found high-severity vulnerabilities, and 6.2% found critical-severity vulnerabilities.

On the flip side, cross-site scripting (XSS) is on the rise. Of all high-risk flaws found last year, 19% were XSS. Those interested in learning more can read the full report.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.