Software vulnerabilities are on the decline, according to Synopsys research

Synopsys has published the 2023 Software Vulnerability Snapshot report revealing a decrease in the number of known vulnerabilities in software.

The data, analysed by Synopsys Cybersecurity Research Centre (CyRC), shows a significant decrease in vulnerabilities found in target applications – from 97% in 2020 to 83% in 2022 – an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors.

The report details three years of data (2020 – 2022) derived from tests run by Synopsys Security Testing Services, with targets made up of web applications, mobile applications, network systems and source code. Tests are designed to probe running applications as a real-world attacker would, incorporating multiple security testing techniques including penetration testing, dynamic application security testing (DAST), mobile application security testing (MAST) and network security testing.

“For the first time in years, we’re seeing a decrease in the number of known vulnerabilities in software, which provides new hope that organisations are taking security seriously and prioritising a strategic and holistic approach to software security in order to make a lasting impact,” said Jason Schmitt, General Manager of the Synopsys Software Integrity Group. “As hackers have become more sophisticated, a multilayered security approach is needed more than ever to identify where software risks live and protect businesses from being exploited.”
