Developers Still Don't Properly Handle Sensitive Data

The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.

Open-source software projects continue to struggle with handling sensitive information, according to automated scans of hundreds of millions of commits to code repositories.


Software-security toolmaker DeepCode found that four of the seven vulnerability classes with the greatest impact on the security of software projects had to do with failures to protect data. The categories of Missing Input Data Sanitization and Insecure Password Handling claimed the top two slots on the company's list of important vulnerability classes. Two other data-security issues — Weak Cryptography and Lack of Information Hiding — came in at No. 6 and No. 7 on the list, which was published this week.


The issues underscore that developers need to continue to focus on producing secure code in 2020, says Boris Paskalev, CEO and co-founder of the company. "We believe that any developer who has these issues should want to take care of them," he says, adding that developers should continue to learn about security. "In at least every other major repository, we see a security vulnerability."


Driven by increased research into software security, more software under development, companies' greater openness to vulnerability reporting, and, perhaps most of all, improvements to the process of recording vulnerability reports, the number of software security issues published in the National Vulnerability Database rose to its highest recorded level in 2019, surpassing 17,300 issues reported during the year.


This continues a trend that started in 2017, when the number of vulnerabilities reported annually jumped to 1 ..
