Skip to main content
close search
site logo
Dive Brief

High risk, critical vulnerabilities found in 25% of all software applications and systems

Published Nov. 15, 2022
David Jones's headshot
Reporter
Concept with expert setting up automated software on laptop computer.
NicoElNino via Getty Images

Dive Brief:

  • Among the vast majority of applications or systems, 95% have vulnerabilities, according to a report from the Synopsys Software Integrity Group. Across systems, one-fifth had high risk vulnerabilities and just under 5% were considered critical. 
  • Researchers conducted 4,400 tests on 2,700 software targets, including web applications, mobile applications, source code files or network systems. The tests were primarily “black box” or “gray box” tests, which included penetration testing, dynamic application security testing or mobile application security testing.
  • The most prevalent vulnerability was based on weak secure socket layer/transport layer security (SSL/TLS) configurations; 4 in 5 test targets had some form of that type of vulnerability.

Dive Insight:

The report comes at a time when software vulnerabilities have taken center stage in the debate over how to protect critical systems against malicious cyberattacks. 

Vulnerabilities such as these create a backdoor for criminal actors or rogue nation-states to launch attacks against the country’s most vulnerable industries, including hospitals, schools, utility companies, government agencies and other critical sites. 

The Synopsys report did show some improvements from a year ago, indicating companies and other organizations are making an effort to better detect flaws in their applications before they are shipped and installed by customers. 

However, as the industrial workplace becomes ever more dependent on automation, the need for proactive testing  of the integrity of these systems has become a core priority. 

“At the end of the day, software risk equates to business risk and not taking measures to mitigate that risk could potentially impact an organization’s bottom line,” Ray Kelly, a fellow at Synopsys, said via email.

About 1 in 5 of the test subjects had been exposed to a cross-site scripting vulnerability, which is considered one of the most destructive vulnerabilities found in web applications. 

The percentage is about 6% less than the number found during the year-ago report, which researchers said is a sign that companies are taking steps to mitigate these vulnerabilities during the production phase. 

The results also demonstrate the need for Software Bills of Materials, according to Synopsys researchers. Third-party libraries were found in 21% of the penetration tests done during the study. 

Editor’s note: This article has been updated to fix the spelling of Synopsys in the teaser. 

 

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell