Understanding High-Risk Vulnerabilities in Software Development
Recent findings indicate that the most prevalent high-risk vulnerability is CVE-2020-11023, an XSS vulnerability linked to older jQuery versions. Alarmingly, this vulnerability persists in about one-third of the codebases examined.
To address the risks posed by vulnerabilities in third-party and open-source software, organizations need a proactive approach: scanning their code regularly throughout the software development life cycle rather than at release time only. According to experts from Veracode, enterprises should improve their operational practices so that updating, testing, and deploying new versions of custom applications becomes a routine, streamlined process.
“Software composition analysis (SCA) is key in this context; it identifies and helps manage risks associated with third-party and open-source software components through automated methods,” noted Wysopal. “SCA tools generate software bills of materials (SBOM), conduct vulnerability scans, evaluate risk levels, and offer guidance on remediation.”
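To make the SCA workflow described above concrete, here is an added example (not code from the article or from Veracode) of the core check an SCA tool performs: parse a software bill of materials, match each component against an advisory list, and report the risk level with a remediation hint. The SBOM is a constructed CycloneDX-style document, the advisory list is embedded rather than fetched from a feed, and the only real entry is CVE-2020-11023, whose affected range (jQuery from 1.0.3 up to but not including 3.5.0) is taken from the public advisory; the "HIGH" rating mirrors the article's characterisation rather than a CVSS score.

```python
"""Minimal software-composition-analysis (SCA) pass over a CycloneDX-style SBOM.

Added example, not the article's or Veracode's code. It parses a small
constructed SBOM, matches each component against an embedded advisory list
and reports affected components with a risk level and a remediation hint.
"""
import json
import re
from dataclasses import dataclass

# Constructed SBOM in the CycloneDX JSON shape (components carry a purl + version).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "jquery", "version": "3.4.1",
         "purl": "pkg:npm/jquery@3.4.1"},
        {"type": "library", "name": "jquery", "version": "3.5.1",
         "purl": "pkg:npm/jquery@3.5.1"},
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
    ],
})


@dataclass(frozen=True)
class Advisory:
    cve: str
    ecosystem: str
    package: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive upper bound)
    severity: str      # risk level; a real tool would take CVSS from its feed
    summary: str


# Embedded advisory list. A real SCA tool pulls this from a vulnerability feed.
ADVISORIES = [
    Advisory("CVE-2020-11023", "npm", "jquery", "1.0.3", "3.5.0", "HIGH",
             "cross-site scripting in jQuery versions before 3.5.0; "
             "upgrade to 3.5.0 or later"),
]


def parse_version(v):
    """Turn '3.4.1' into (3, 4, 1); pre-release tails such as '-beta' are dropped."""
    parts = re.findall(r"\d+", v.split("-", 1)[0])
    return tuple(int(p) for p in parts)


def parse_purl(purl):
    """Return (ecosystem, name, version) from a purl such as pkg:npm/jquery@3.4.1.

    An optional namespace segment (pkg:npm/%40scope/name@ver) is skipped.
    """
    m = re.fullmatch(r"pkg:([^/]+)/(?:[^/]+/)?([^@]+)@([^?#]+).*", purl)
    if not m:
        raise ValueError(f"unsupported purl: {purl}")
    return m.group(1), m.group(2), m.group(3)


def is_affected(version, adv):
    """True when introduced <= version < fixed, compared numerically per segment."""
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def scan_sbom(sbom_json):
    """Return a list of findings, one dict per (component, advisory) match."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        eco, name, version = parse_purl(comp["purl"])
        for adv in ADVISORIES:
            if adv.ecosystem == eco and adv.package == name and is_affected(version, adv):
                findings.append({
                    "component": f"{name}@{version}",
                    "cve": adv.cve,
                    "severity": adv.severity,
                    "remediation": f"upgrade {name} to >= {adv.fixed}",
                })
    return findings


if __name__ == "__main__":
    for f in scan_sbom(SAMPLE_SBOM):
        print(f"{f['severity']:7} {f['cve']} {f['component']}: {f['remediation']}")
```

Run as a script it flags only `jquery@3.4.1`; the 3.5.1 copy of the same library falls outside the affected range and lodash has no matching advisory. Wiring a check like this into the build pipeline, with the advisory list refreshed from a real feed, is what turns the article's "regularly scanning" advice into something that fails a build before a vulnerable dependency ships.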
Source
www.csoonline.com