High-risk, critical vulnerabilities found in 25% of all software applications and systems

Dive Brief:

  • The vast majority of applications and systems, 95%, have at least one vulnerability, according to a Synopsys Software Integrity Group report. Across all systems tested, a fifth had high-risk vulnerabilities and just under 5% had vulnerabilities considered critical.
  • The researchers performed 4,400 tests on 2,700 software targets, including web applications, mobile applications, source code files and network systems. The tests were primarily “black box” or “grey box” tests, including penetration testing, dynamic application security testing and mobile application security testing.
  • The most prevalent vulnerability was a weak Secure Sockets Layer/Transport Layer Security (SSL/TLS) configuration; 4 out of 5 test targets had some form of this type of vulnerability.

Dive Insight:

The report comes at a time when software vulnerabilities are taking center stage in the debate over how to protect critical systems from malicious cyberattacks.

Such vulnerabilities create a backdoor for criminal actors or rogue nation states to launch attacks against the nation’s most vulnerable industries, including hospitals, schools, utility companies, government agencies and other critical sites.

The Synopsys report showed some improvements from a year ago, indicating that enterprises and other organizations are working to better detect vulnerabilities in their applications before they are shipped and installed by customers.

However, as the industrial workplace becomes increasingly reliant on automation, the need for proactive testing of the integrity of these systems has become a key priority.

“Ultimately, software risk equates to business risk and not taking steps to mitigate that risk could potentially impact an organization’s bottom line,” Ray Kelly of Synopsys said via email.

About 1 in 5 of the test subjects had a cross-site scripting vulnerability, which is considered one of the most destructive vulnerabilities found in web applications.

The percentage is about 6% lower than the number found in the previous year’s report, which the researchers say is a sign that companies are taking steps to mitigate these vulnerabilities during the production phase.

The results also demonstrate the need for software bills of materials (SBOMs), according to Synopsys researchers. Third-party libraries were found in 21% of the penetration tests conducted during the study.
