An Informal Static Analysis of Publicly Available Source Code

  • March 15, 2010
  • By Developer.com Staff

Codescan Labs scanned over ten million lines of publicly available web software source code: some proprietary, some commercial, and some open source. All the source code tested appeared to have potential security issues warranting further investigation. The overall median was 0.48 potential security issues per thousand lines of code.

Test results varied widely within each programming language; developer skill was clearly a more important factor than choice of language. Legacy ASP source code had the highest median, with 2.5 potential security issues per thousand lines of code. PHP had a lower median number of potential vulnerabilities than .Net.

Early versions of web applications had more potential issues than later versions. Testing showed that applications built on early versions of open source CMS platforms are at risk and should be upgraded to the latest versions. At the same time, many users continue to run older versions of applications such as Wordpress and Xoops.