The worst bugs in the top programming languages

Veracode has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems.

The report found that a full 76% of apps contain flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps inherit security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that open-source projects aren't solely to blame.

Open-source libraries are a massive attack surface due to their ubiquity, Veracode said in the report. It also pointed out that there's no correlation between the quality of in-house code and open-source bugs, highlighting that developers should be verifying the safety of open-source libraries no matter how good they think their own code is.