The worst bugs in the top programming languages
2020-12-17 17:32

Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame.

In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range.

"For the most part, the top flaw types have stayed fairly consistent over the years. Volume 10 last year found that information leakage, cryptographic issues, CRLF injection, and code quality flaws were the most common types of flaws found in applications. In this year's research, the top three did not move around, and the third place 'cryptographic issues' are also found in almost two out of three applications with flaws in this report," the report said.

Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP. Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security.

The latter two are doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps.


News URL

https://www.techrepublic.com/article/the-worst-bugs-in-the-top-programming-languages/#ftag=RSS56d97e7