
Software vulnerabilities on the decline, according to new research

Synopsys has published the 2023 Software Vulnerability Snapshot report.

According to the data, analysed by the Synopsys Cybersecurity Research Centre (CyRC), the share of tested target applications in which at least one vulnerability was found fell from 97 per cent in 2020 to 83 per cent in 2022, which the report reads as a sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors.

The report details three years of data (2020 - 2022) derived from tests run by Synopsys Security Testing Services, with targets made up of web applications, mobile applications, network systems, and source code. Tests are designed to probe running applications as a real-world attacker would, incorporating multiple security testing techniques including penetration (pen) testing, dynamic application security testing (DAST), mobile application security testing (MAST), and network security testing.

Although this is a positive development for the industry, the data also shows that relying on a single security testing technique such as static application security testing (SAST) is no longer sufficient. For example, server misconfigurations, which static analysis of application source code does not detect, represented an average of 18 per cent of the total vulnerabilities found across the three years of tests. Without a multi-layered approach that combines SAST to identify coding flaws, DAST to examine running applications, software composition analysis (SCA) to identify vulnerabilities introduced by third-party components, and penetration testing to find issues that internal testing missed, these types of vulnerabilities will likely go unchecked.

Jason Schmitt, General Manager of the Synopsys Software Integrity Group, said: "For the first time in years, we're seeing a decrease in the number of known vulnerabilities in software, which provides new hope that organisations are taking security seriously and prioritising a strategic and holistic approach to software security in order to make a lasting impact. As hackers have become more sophisticated, a multi-layered security approach is needed more than ever to identify where software risks live and protect businesses from being exploited."

Additional findings include:

  • High-severity vulnerabilities are less common: On average over the past three years, 92% of tests uncovered some form of vulnerability, but only 27% of tests found a high-severity vulnerability and 6.2% a critical-severity vulnerability.
  • Leaked information remains the top risk: The most common security issue was unchanged from 2020 to 2022: information leakage, in which sensitive information is exposed to unauthorised parties. An average of 19% of the total vulnerabilities found were information leakage issues.
  • Cross-site scripting is on the rise: 19% of all high-risk vulnerabilities found in 2022 were cross-site scripting (XSS) flaws.
  • Third-party software poses increased risk: Vulnerable third-party libraries were among the top 10 security issues in 2022, found in 25% of the tests conducted. Software is likely vulnerable if you do not know the versions of all components in use, including third-party and open-source components.
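The last point, and the SCA layer named earlier in the multi-layered approach, can be made concrete with the following added example. It is not code from the Synopsys report or from any Synopsys tool; it is a minimal software composition analysis check in Python that reads a dependency manifest, matches it against an advisory list, and reports both the components whose version falls inside an affected range and those whose version is unknown because they were not pinned, which is exactly the "you do not know the versions" case the report warns about. The package names (`libalpha` to `libdelta`), advisory identifiers (`EXAMPLE-000n`), versions and ranges are all constructed for the example and do not refer to any real library or vulnerability; the version parser assumes plain dotted numeric versions.

```python
"""
Minimal SCA-style component check (added illustration, not from the report).

Reads a 'name==version' manifest, compares each pinned component against a
list of advisories with [introduced, fixed) version ranges, and reports:
  - components inside an affected range, and
  - components that cannot be assessed because their version is unknown.
All packages, versions and advisory ids below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # constructed identifier, not a real CVE
    package: str
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically.
    Assumption: plain dotted numeric versions only (no pre-release tags)."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version: str, advisory: Advisory) -> bool:
    """True if version lies in [introduced, fixed) for this advisory."""
    v = parse_version(version)
    if v < parse_version(advisory.introduced):
        return False
    if advisory.fixed is not None and v >= parse_version(advisory.fixed):
        return False
    return True


def parse_manifest(text: str) -> Dict[str, Optional[str]]:
    """Parse 'name==version' or bare 'name' lines; bare names map to None
    because their deployed version is unknown at scan time."""
    components: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if "==" in line:
            name, version = line.split("==", 1)
            components[name.strip().lower()] = version.strip()
        else:
            components[line.lower()] = None
    return components


def assess(components: Dict[str, Optional[str]],
           advisories: List[Advisory]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (affected, unknown): affected maps component -> advisory ids,
    unknown lists components whose version could not be determined."""
    affected: Dict[str, List[str]] = {}
    unknown: List[str] = []
    for name, version in components.items():
        if version is None:
            unknown.append(name)
            continue
        hits = [a.advisory_id for a in advisories
                if a.package == name and is_affected(version, a)]
        if hits:
            affected[name] = hits
    return affected, sorted(unknown)


# Constructed sample manifest: one unpinned component on purpose.
MANIFEST = """
# constructed example manifest (not from any real project)
libalpha==1.4.2
libbeta==2.0.0
libgamma            # unpinned: version unknown at scan time
libdelta==3.1.0
"""

# Constructed advisory feed (ids and ranges are invented for the example).
ADVISORIES = [
    Advisory("EXAMPLE-0001", "libalpha", introduced="1.0.0", fixed="1.5.0"),
    Advisory("EXAMPLE-0002", "libbeta", introduced="2.0.0", fixed=None),
    Advisory("EXAMPLE-0003", "libdelta", introduced="3.0.0", fixed="3.1.0"),
    Advisory("EXAMPLE-0004", "libgamma", introduced="0.1.0", fixed="0.9.0"),
]


def run_example() -> Tuple[Dict[str, List[str]], List[str]]:
    return assess(parse_manifest(MANIFEST), ADVISORIES)


if __name__ == "__main__":
    affected, unknown = run_example()
    for name, ids in affected.items():
        print(f"AFFECTED  {name}: {', '.join(ids)}")
    for name in unknown:
        print(f"UNKNOWN   {name}: version not pinned, cannot assess")
```

Note that `libdelta` at 3.1.0 is reported clean because 3.1.0 is the first fixed version, while `libgamma` is reported as unknown rather than clean: an unpinned component is not evidence of safety, only of a gap in the inventory.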