Hey, guess what? Cybersecurity’s got some good news to share! So, there’s this report from the Synopsys Cybersecurity Research Center, and they’ve been playing detective with data on web apps, mobile apps, networks, and source code for the past three years. They’re doing it just like the bad guys would, using cool techniques like pentesting, dynamic app security testing, and all that jazz.
Here’s the scoop – vulnerabilities are taking a nosedive, going from 97% in 2020 to a way better 83% in 2022. Synopsys is saying it’s like a victory dance for code reviews, automated testing, and continuous integration – they’re actually making a dent in those usual programming blunders.
But, and there’s always a but, they’re dropping a truth bomb. Businesses shouldn’t put all their security hopes in one basket. Depending on just one security testing solution might mean missing out on important flaws. For instance, server misconfigurations made up around 18% of all the vulnerabilities found in the last three years. Without a mixed bag of security approaches, like SAST for coding oopsies, DAST for running apps, SCA for third-party component whoopsies, and good ol’ penetration testing, some sneaky vulnerabilities might just slip through.
On the upside, high-severity vulnerabilities are kinda rare. Over the past three years, about 92% of the tests found some kind of hiccup, but only 27% had high-severity ones, and a tiny 6.2% had the critical-severity drama. So, yeah, it’s like a win, but still, the cybersecurity game is all about keeping those radar antennas up!