DeepCode reveals the top security issues plaguing software developers

Deep Code reveals the top security issues plaguing software developers

DeepCode reveals the top security issues plaguing software developers
Courtesy: Jakub Lewkowicz | News Source:

DeepCode has revealed the most important bugs as well as the top security vulnerabilities. The analysis comes from the company’s AI-powered code review tool, which analyzed hundreds of thousands of open-source projects to narrow down the vulnerabilities that happen with the most frequency. 

According to the analysis, file I/O corruptions are the biggest general issue while missing input data sanitization is the top security vulnerability.

“The problems that come up with are pretty serious in file corruption, which can lead to data loss or unusable data being being processed and an application crashing the cause of it,” Boris Paskalev told SD Times. “But even worse, it can actually end up using corrupted data without knowing and the application just keeps it working such as in sectors like aeronautics and driving cars, which could be detrimental or dangerous.” 

Paskalev explained that many of these vulnerabilities are occurring because software has become drastically more complex due to the large amounts of libraries being used. In addition, there are more hackers now trying to exploit these vulnerabilities. He added that the list of vulnerabilities is not exhaustive and developers should look into ones that are tailored to their type of application. 

“The hard part is that not all developers are trained or have the time to actually spend to actually search for them and a lot of them are really tricky,” Boris Paskalev told SD Times. “Even during a normal code review uh, you can oftentimes miss some of them and the main reason is you might not necessarily be looking for this specific thing.”

According to DeepCode, the most important bugs include: 

File I/O corruptions

API contract violations

Null references

Process/threading deadlock problems

Incorrect type checking

Expression logic mistakes

Regular expression mistakes

Invalid time/date formatting

Resource leaks

Portability limitations

The most important security vulnerabilities include:

Missing input data sanitization

Insecure password handling

Protocol insecurities

Indefensive permissions

Man-in-the-Middle attacks

Weak cryptography algorithms

Lack of information hiding

 “As developers enter a new year and decade, we want them to be aware of the most important coding problems for 2020 and beyond,” said Paskalev. “With DeepCode by their side, they’ll be able to make sure that these issues and countless others don’t affect their software.”