Java services hit hardest by third-party vulnerabilities, report says

By Paul Krill

Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog.

Released on April 17, the report found that 90% of Java services were susceptible to one or more critical or high-severity vulnerabilities introduced by a third-party library. The average for other languages was 47%.

Datadog’s report analyzed tens of thousands of applications and container images and thousands of cloud environments to assess application security. Following Java in the vulnerabilities assessment were JavaScript, at roughly 70%; Python, at 62%; .NET, at 50%; PHP, at 35%; and Go (golang) and Ruby, both at about 32%.

Java services also were most likely to be vulnerable to real-world exploits with documented use by attackers. From a vulnerabilities list maintained by the US Cybersecurity and Infrastructure Security Agency, 55% of Java services were affected, as opposed to 7% of those built using other languages.

Additional findings from the report include:

Datadog said its findings demonstrate that modern devops practices go hand in hand with strong security measures. Security itself helps drive operational excellence, the company said. But security is only realistic when practitioners are given enough context and prioritization to focus on what matters.

© Info World