C Programming Language Reported The Highest 47% Vulnerabilities In 2019
As programming enthusiasts, we always opt for the best programming languages. But the best language is not always the most secure one. The choice may vary by industry domain, because professional coders also look for the most secure programming language.
Security is directly related to the vulnerabilities introduced by code written in a particular language. The recent report “The State of Open Source Security Vulnerabilities 2020”, published by WhiteSource, reveals that the C programming language accounts for the highest percentage of all vulnerabilities, with over 77% in the last 10 years.
Open Source Vulnerabilities In Coding Languages
WhiteSource’s research report is based on data collected from various sources such as the NVD, security advisories, and popular open-source issue trackers. The data tracks the bugs reported in the top seven coding languages between 2009 and 2019.
Being among the oldest languages, C and PHP collectively account for over 63% of all vulnerabilities, with the largest share, 47%, coming from C alone. This may be explained by the high volume of code written in these languages. However, this percentage is also decreasing as developers switch to popular languages such as Go and Python.
In addition, scripting languages such as JavaScript and Python have comparatively less vulnerable code. So Python, already one of the most loved coding languages, can now be the best choice not only for beginners but also for professional coders.
What Makes Code Vulnerable?
According to the report, the most prevalent CWEs are Cross-Site Scripting (XSS), Information Leak / Disclosure, and Input Validation. These common CWEs arise from simple code errors and imprecise coding by developers.
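As an added illustration of the three CWE categories the report names (not code from the article or from WhiteSource), the following Python snippet places a weak version of each pattern beside a hardened one: an HTML renderer that escapes untrusted input at the output boundary (XSS), an allow-list validator for a form field (Input Validation), and an error handler that keeps exception details in the server log instead of the response body (Information Leak / Disclosure). The form-field format, the sample inputs and the function names are assumptions made for the example.

```python
import html
import re
import secrets

# Constructed sample inputs: values a user might submit through a web form.
SAFE_NAME = "Ada Lovelace"
MARKUP_NAME = "<script>alert(1)</script>"   # markup that must never reach the page as code


# --- CWE category 1: Cross-Site Scripting ---------------------------------
def render_greeting_unsafe(name: str) -> str:
    """Weak form: untrusted input is interpolated straight into HTML."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened form: escape at the output boundary so markup is shown as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


# --- CWE category 2: Input Validation --------------------------------------
# Assumed field format: a display name of up to 64 letters, spaces, dots,
# apostrophes or hyphens, starting with a letter.  Allow-listing what is
# accepted is more robust than trying to block known-bad characters.
DISPLAY_NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def validate_display_name(name: str) -> bool:
    """Return True only if the whole string matches the allowed format."""
    return DISPLAY_NAME_RE.fullmatch(name) is not None


# --- CWE category 3: Information Leak / Disclosure -------------------------
def error_response(exc: Exception, debug: bool = False) -> tuple[dict, str]:
    """Return (body sent to the client, line written to the server log).

    With debug=True the internal exception text (which may contain file paths,
    hostnames or query fragments) is echoed to the client; the hardened path
    sends only a generic message plus a correlation reference that operators
    can look up in the log.
    """
    ref = secrets.token_hex(8)
    log_line = f"ref={ref} {type(exc).__name__}: {exc}"
    if debug:
        body = {"status": 500, "detail": log_line}          # leaks internals
    else:
        body = {"status": 500, "detail": "Internal error", "ref": ref}
    return body, log_line


if __name__ == "__main__":
    print(render_greeting_unsafe(MARKUP_NAME))
    print(render_greeting_safe(MARKUP_NAME))
    print(validate_display_name(SAFE_NAME), validate_display_name(MARKUP_NAME))
    body, log_line = error_response(FileNotFoundError("/srv/app/secret.key"))
    print(body)
    print(log_line)
```

The point of the three pairs is that none of the fixes is clever: escaping on output, matching input against an allow-list, and separating what the client sees from what the log records are the kind of routine discipline the report says is most often missing.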
However, open-source communities are also implementing various methods to track and report these issues, such as GitHub Security Lab and automated detection tools. Even so, it is highly recommended that professionals, too, constantly check for basic security risks in their codebase.