Software Vulnerabilities Are on the Decline, According to New Synopsys Research

November 14, 2023 at 09:45PM

Synopsys, Inc. has released the 2023 Software Vulnerability Snapshot report, which shows a decrease in vulnerabilities found in target applications. The report suggests that code reviews, automated testing, and continuous integration are helping to reduce programming errors. However, relying on a single security testing solution is no longer sufficient, and a multilayered security approach is needed. The report also highlights high-severity vulnerabilities, information leakage, cross-site scripting attacks, and risks posed by third-party software. More information can be found in the report and blog post on Synopsys’s website. Synopsys, Inc. is a leading provider of software security products and services.

Key takeaways from the 2023 Software Vulnerability Snapshot report published by Synopsys, Inc.:

1. The report shows a significant decrease in vulnerabilities found in target applications, from 97% in 2020 to 83% in 2022. This indicates that code reviews, automated testing, and continuous integration are effective in reducing common programming errors.

2. The data analyzed for the report spans three years (2020-2022) and includes tests run by Synopsys Security Testing Services on web applications, mobile applications, network systems, and source code. Multiple security testing techniques like penetration testing, dynamic application security testing, mobile application security testing, and network security testing were incorporated.

3. The report highlights the limitation of relying solely on a single security testing solution, such as static application security testing. Server misconfigurations accounted for an average of 18% of vulnerabilities found in the tests. A multilayered security approach that combines various testing techniques is necessary to identify different types of vulnerabilities.

4. High-severity vulnerabilities were less common, with only 27% of tests containing high-severity vulnerabilities and 6.2% containing critical-severity vulnerabilities.

5. Information leakage remains a top security risk, accounting for an average of 19% of total vulnerabilities found in the tests.

6. Cross-site scripting vulnerabilities have been on the rise, representing 19% of all high-risk vulnerabilities found in 2022.

7. Third-party software poses increased risks, as 25% of the tests found vulnerable third-party libraries to be a risk. It is important to be aware of all component versions, including third-party and open source components, to ensure software security.

To learn more about the report, you can download the 2023 Software Vulnerability Snapshot or read the detailed blog post on the topic.

The Synopsys Software Integrity Group offers integrated solutions to transform software development processes and accelerate innovation while addressing business risks. Their comprehensive portfolio of software security products and services interoperates with third-party and open source tools. Learn more about Synopsys and their offerings at https://ift.tt/a7wzS4d.

Synopsys, Inc. is a Silicon to Software™ partner for companies developing electronic products and software applications. They are a global leader in electronic design automation and semiconductor IP, providing a broad portfolio of application security testing tools and services. Learn more about Synopsys at www.synopsys.com.
