Software vulnerabilities are on the decline, but that’s no reason to relax
Safeguarding software warrants a multi-faceted approach
Software vulnerabilities are on the decline, but businesses still need to be extremely vigilant when building code, new research has claimed.
A report from the Synopsys Cybersecurity Research Center drew on three years of data on web apps, mobile apps, network systems, and source code. The researchers probed the apps the same way malicious actors would, incorporating multiple security testing techniques (pentesting, dynamic app security testing, mobile app security testing, and network security testing).
The results have shown a significant decline in vulnerabilities - from 97% in 2020 to 83% in 2022. Synopsys describes the findings as “an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors.”
High-severity flaws on the decline, too
However, the researchers also concluded that businesses must not rely on a single security testing solution, or they risk missing important flaws: “For example, server misconfigurations represented an average of 18% of the total vulnerabilities found in the three years of tests. Without a multilayered security approach that combines SAST to identify coding flaws, DAST to examine running applications, SCA to identify vulnerabilities introduced by third-party components, and penetration testing to identify issues that might have been missed by internal testing, these types of vulnerabilities will likely go unchecked.”
There is more good news in the report, however. High-severity vulnerabilities, for example, are less likely. On average, over the past three years, 92% of the tests identified some kind of vulnerability, but just 27% of those tests contained high-severity vulnerabilities, and 6.2% contained critical-severity vulnerabilities.
On the flipside, cross-site scripting (XSS) is on the rise. Of all high-risk flaws found last year, 19% were found to be susceptible to XSS. Those interested in learning more can read the full report on this link.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.