October 24, 2016
An Informal Static Analysis of Publicly Available Source Code

  • March 15, 2010
  • By Developer.com Staff

Codescan Labs scanned over ten million lines of publicly available web software source code: some proprietary, some commercial, and some open source. All the source code tested appeared to have potential security issues warranting further investigation. The overall median was 0.48 potential security issues per thousand lines of code.

Test results varied widely within each programming language; developer skill was clearly a more important factor than choice of language. Legacy ASP source code had the highest median, with 2.5 potential security issues per thousand lines of code. PHP had a lower median number of potential vulnerabilities than .NET.
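The figures above are densities (potential issues per thousand lines of code) summarised by the median rather than the mean, which keeps one badly written project from dragging a whole language's number up. The script below is an added example, not Codescan Labs' tooling or data: it computes that normalisation from a constructed set of scan results, reports the per-language and overall medians, and lists projects above a review threshold. Project names, languages, line counts and issue counts are all invented for illustration.

```python
"""Issue density per thousand lines of code (KLOC), per-language median and
overall median, as used to summarise a static-analysis sweep.

Added example: the scan results below are constructed, not the study's data.
"""
from collections import defaultdict
from statistics import median

# Constructed sample scan results: (project, language, lines_of_code, potential_issues)
SAMPLE_SCANS = [
    ("shop-legacy", "ASP", 40_000, 110),
    ("intranet", "ASP", 12_000, 25),
    ("blog-cms", "PHP", 150_000, 60),
    ("forum", "PHP", 80_000, 44),
    ("portal", "PHP", 20_000, 4),
    ("crm", ".NET", 200_000, 120),
    ("billing", ".NET", 50_000, 12),
]


def issues_per_kloc(loc, issues):
    """Normalise a raw finding count to findings per 1,000 lines of code."""
    if loc <= 0:
        raise ValueError("lines of code must be positive")
    return issues / (loc / 1000)


def density_by_project(scans):
    """Per-project density, rounded for reporting."""
    return {name: round(issues_per_kloc(loc, n), 3) for name, _lang, loc, n in scans}


def median_by_language(scans):
    """Median density per language: robust to a single outlier project."""
    by_lang = defaultdict(list)
    for _name, lang, loc, n in scans:
        by_lang[lang].append(issues_per_kloc(loc, n))
    return {lang: round(median(values), 3) for lang, values in by_lang.items()}


def overall_median(scans):
    """Median density across every scanned project."""
    return round(median(issues_per_kloc(loc, n) for _n, _l, loc, n in scans), 3)


def projects_above(scans, threshold):
    """Projects whose density exceeds a review threshold, sorted by name."""
    return sorted(name for name, _lang, loc, n in scans if issues_per_kloc(loc, n) > threshold)


if __name__ == "__main__":
    print("per project:", density_by_project(SAMPLE_SCANS))
    print("per language:", median_by_language(SAMPLE_SCANS))
    print("overall median:", overall_median(SAMPLE_SCANS))
    print("above 1.0/KLOC:", projects_above(SAMPLE_SCANS, 1.0))
```

With the constructed data the two ASP projects sit far above the others while the three PHP projects spread from 0.2 to 0.55 per KLOC, which is the pattern the article describes: the spread inside one language is as informative as the gap between languages, so a per-project density is the number worth acting on.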

Early versions of web applications had more potential issues than later versions. Testing showed that applications based on early versions of open source CMSs are at risk and should be upgraded to the latest versions. At the same time, many users continue to stick with older versions of applications such as WordPress and XOOPS.
