Meanwhile, the most dangerous vulnerabilities

[rakhirhif8963]

Kees Cook, a Linux kernel security engineer at Google, agrees: “C is an advanced assembler, almost machine code, but it has a number of weaknesses, including unpredictable behavior, which leads to security holes and infrastructure vulnerabilities.”

of the last five years have been discovered in C++, including buffer errors that are also present in C code.

As for JavaScript, it was the only language that showed a “continuous increase in vulnerabilities over the last 10 years.” However, WhiteSource emphasizes that criticism of JavaScript is not entirely appropriate, since most of the bugs in the CWE (Common Weakness Enumeration) database of publicly known vulnerabilities are directory traversals and “holes” in the cryptographic protection of JavaScript packages that are not sufficiently supported.

Developers of almost every popular programming egypt mobile database are reported to contribute to CWE. The top vulnerabilities are “cross-site scripting” (XSS, also known as CWE-79) and “insufficient input validation” (CWE-20), accounting for 70% of cases. Other common bugs include “information leak/disclosure” (CWE-200), “out of scope of designated directory” (CWE-22), and “permissions, privileges, and access controls” (CWE-264).

Despite the overall increase in vulnerabilities, the number of high-severity vulnerabilities in most languages ​​has decreased over the past decade, the report says. Python was named the most secure language by WhiteSource.