TechRadar
Sead Fadilpašić

Software vulnerabilities are on the decline, but that's no reason to relax

Software vulnerabilities are on the decline, but businesses still need to be extremely vigilant when building code, new research has claimed.

A report from the Synopsys Cybersecurity Research Center draws on three years of data on web apps, mobile apps, network systems, and source code. The researchers probed the apps the same way malicious actors would, combining multiple security testing techniques (pentesting, dynamic app security testing, mobile app security testing, and network security testing).

The results show a significant decline in vulnerabilities, from 97% in 2020 to 83% in 2022. Synopsys describes the findings as “an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors.”


High-severity flaws on the decline, too

However, the researchers also concluded that businesses must not rely on a single security testing solution, otherwise they’re risking missing important flaws: “For example, server misconfigurations represented an average of 18% of the total vulnerabilities found in the three years of tests. Without a multilayered security approach that combines SAST to identify coding flaws, DAST to examine running applications, SCA to identify vulnerabilities introduced by third-party components, and penetration testing to identify issues that might have been missed by internal testing, these types of vulnerabilities will likely go unchecked.”

There is more good news in the report, however. High-severity vulnerabilities, for example, are less likely. On average, over the past three years, 92% of the tests identified some kind of vulnerability, but just 27% of those tests contained high-severity vulnerabilities, and 6.2% contained critical-severity vulnerabilities.

On the flip side, cross-site scripting (XSS) is on the rise. Of all high-risk flaws found last year, 19% were found to be susceptible to XSS. Those interested in learning more can read the full report.
