New Synopsys Research Reveals a Decrease in Software Vulnerabilities

Synopsys today released its 2023 Software Vulnerability Snapshot report, which shows a notable decline in vulnerabilities within target applications. Analysis of the data by the Synopsys Cybersecurity Research Center (CyRC) shows a decrease from 97% in 2020 to 83% in 2022. This positive trend suggests that practices such as code reviews, automated testing, and continuous integration are effectively reducing common programming errors.


The report spans three years of data (2020 – 2022) obtained from tests conducted by Synopsys Security Testing Services. These tests targeted web applications, mobile applications, network systems, and source code, using security testing techniques such as penetration testing, dynamic application security testing (DAST), mobile application security testing (MAST), and network security testing.


While the industry celebrates this progress, the data underscores the inadequacy of relying solely on a single security testing solution, such as static application security testing (SAST). Notably, server misconfigurations accounted for an average of 18% of total vulnerabilities discovered over the three-year testing period. The report emphasizes the importance of a multi-layered security approach, combining SAST to identify coding flaws, DAST to assess running applications, software composition analysis (SCA) to pinpoint vulnerabilities from third-party components, and penetration testing to catch issues overlooked during internal testing.


Jason Schmitt, the general manager of the Synopsys Software Integrity Group, commented on the significance of the decrease in known vulnerabilities, stating, “For the first time in years, we’re seeing a decrease in the number of known vulnerabilities in software, which provides new hope that organisations are taking security seriously and prioritising a strategic and holistic approach to software security in order to make a lasting impact.”


Key findings from the ..
