Synopsys Report Reveals Decline in Software Vulnerabilities, Emphasizing Need for Multilayered Security Strategies

A recent report by Synopsys reveals a significant decline in software vulnerabilities over the past three years, dropping from 97% in 2020 to 83% in 2022, according to an article by Help Net Security. This positive trend is attributed to the implementation of robust security practices such as code reviews, automated testing, and continuous integration.

The data, derived from Synopsys Security Testing Services, spans web applications, mobile applications, network systems, and source code, employing various security testing techniques like penetration testing, dynamic application security testing (DAST), mobile application security testing (MAST), and network security testing.

While the decrease in vulnerabilities is a positive development, the report emphasizes the inadequacy of relying on a single security testing solution, highlighting that server misconfigurations, comprising 18% of total vulnerabilities, may go unchecked without a multi-layered approach. The recommended strategy includes static application security testing (SAST) for coding flaws, DAST for running applications, software composition analysis (SCA) for third-party components, and penetration testing for comprehensive coverage.

Advancements in programming languages and integrated development environments (IDEs) are contributing to improved code quality by offering built-in checks and tools. However, the report notes a concerning trend regarding less popular or older open-source projects, where approximately 20% are no longer maintained, leaving them vulnerable to exploits.

The report underscores the urgency of addressing vulnerabilities promptly, particularly with the rise of automated exploitation tools used by attackers. Leaked information remains a top risk, with information leakage issues consistently comprising an average of 19% of total vulnerabilities. The report stresses the need for organizations to adopt a strategic and holistic approach to software security, given the growing sophistication of hackers.

Additionally, it emphasizes the importance of understanding the versions of all components in use to mitigate potential vulnerabilities, particularly in third-party and open-source components. Overall, the findings highlight the evolving landscape of software security and the ongoing efforts needed to safeguard against emerging threats.