"Java, .NET Developers Prone to More Frequent Vulnerabilities"

According to the software-testing firm Veracode, over three-quarters of Java and .NET applications contain at least one vulnerability from the OWASP Top 10, a list of software flaws commonly used by developers as a baseline for application security. In an analysis of around 760,000 applications, Veracode discovered that about one in five applications using these two programming ecosystems had at least one high- or critical-severity vulnerability. The data showed that the average application had a 27 percent chance of having at least one vulnerability introduced every month, with poorly written applications and infrequently scanned apps more likely to be flawed than applications with a longer history of security processes and written by well-trained developers. Tim Jarrett, vice president of strategic product management at Veracode, explains that the study underscores the significance of integrating security into the development pipeline. Software companies and development teams battle to eliminate application code bugs and vulnerabilities. Veracode reports that the average vulnerability's half-life is still measured in months, not days or weeks. Seventy-one percent of the applications studied were Java and. NET apps. After 243 and 158 days, respectively, half of the defects were still affecting the applications. This article continues to discuss the Java and .NET developers being more likely to face more frequent vulnerabilities. 

Dark Reading reports "Java, .NET Developers Prone to More Frequent Vulnerabilities"