Organizations’ serious commitment to software risk management pays off
Security News, November 2023
The share of target applications in which testing found vulnerabilities fell significantly, from 97% in 2020 to 83% in 2022, an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors, according to Synopsys.
The report details three years of data derived from tests run by Synopsys Security Testing Services, with targets made up of web applications, mobile applications, network systems and source code.
Tests are designed to probe running applications as a real-world attacker would, incorporating multiple security testing techniques including penetration testing, dynamic application security testing, mobile application security testing and network security testing.
Without a multilayered security approach that combines static application security testing (SAST) to identify coding flaws, dynamic application security testing (DAST) to examine running applications, software composition analysis (SCA) to identify vulnerabilities introduced by third-party components, and penetration testing to catch issues that internal testing missed, vulnerabilities of the kind these tests uncovered will likely go unchecked.
"For the first time in years, we're seeing a decrease in the number of known vulnerabilities in software, which provides new hope that organizations are taking security seriously and prioritizing a strategic and holistic approach to software security in order to make a lasting impact," said Jason Schmitt, GM of the Synopsys Software Integrity Group.
Of those tests, only 27% found high-severity vulnerabilities, and 6.2% found critical-severity vulnerabilities.