Report: Scripting languages most vulnerable, mobile apps need better crypto

According to an analysis of over 200,000 applications, PHP is the programming language with the most vulnerabilities, mobile apps suffer from cryptography problems, and developers are more likely to fix errors found with static instead of dynamic analysis.

The report, by Boston-based security firm Veracode, was released this morning and is based on Veracode’s assessment of more than a trillion lines of code for customers at large and small companies, commercial software suppliers, and open source projects.

Scripting languages lead in vulnerabilities

Overall, scripting languages like PHP had a much higher incidence of vulnerabilities than Java or .NET, said Chris Wysopal, Veracode’s CTO and CISO.

To read this article in full or to leave a comment, please click here