AppSec Solutions Study Identifies the Most Vulnerable Programming Languages

The AppSec Solutions team conducted a study of vulnerabilities in the development of Russian software and identified which aspects of code and programming languages are most at risk of cyberattacks.

The study was conducted on the basis of AppSec.Hub, during which DevSecOps metrics related to code flaws and data leak risks were analyzed. The analysis covered 98 development teams from various industries, including the financial sector, telecommunications, industry, and fuel and energy sector. Specialists studied more than 140 million lines of code to determine the main security risk density metrics, using weekly data on identified and uncorrected vulnerabilities.

The results of the analysis showed that programming languages have different levels of vulnerability risk. The highest risk density was recorded for software written in C# and Java. For example, C# had a median security risk density (SRD) of 4.58, which is the highest among all the analyzed languages. At the same time, the Go, Python, and SQL programming languages showed the lowest levels of risk.

Anton Basharin, Senior Managing Director at AppSec Solutions, noted that Java and C# are most vulnerable to attacks due to the many dependencies and the popularity of these languages among developers. In contrast, Go (Golang), developed by Google, is considered a more secure language due to its combination of speed and security, similar to C/C++, but with fewer opportunities for vulnerabilities.

Read materials on the topic:

More than 30 languages: Yandex introduced a tool for automating code writing based on neural networks

Russia will entrust AI with the design of digital integrated circuits

Faster by tens of percent: Russian scientists have come up with a way to speed up microprocessors