DeepCode has revealed the most important bugs as well as the top security vulnerabilities. The analysis comes from the company's AI-powered code review tool, which analyzed hundreds of thousands of open-source projects to identify the most frequently occurring vulnerabilities.

According to the analysis, file I/O corruptions are the biggest general issue while missing input data sanitization is the top security vulnerability.


"The problems that come up are pretty serious in file corruption, which can lead to data loss or unusable data being processed and an application crashing because of it," Boris Paskalev told SD Times. "But even worse, it can actually end up using corrupted data without knowing and the application just keeps working, such as in sectors like aeronautics and driving cars, which could be detrimental or dangerous."

Paskalev explained that many of these vulnerabilities occur because software has become drastically more complex due to the large number of libraries being used. In addition, there are more hackers now trying to exploit these vulnerabilities. He added that the list of vulnerabilities is not exhaustive and that developers should look into ones tailored to their type of application.

"The hard part is that not all developers are trained or have the time to actually spend to actually search for them, and a lot of them are really tricky," Boris Paskalev told SD Times. "Even during a normal code review, you can oftentimes miss some of them, and the main reason is you might not necessarily be looking for this specific thing."

According to DeepCode, the most important bugs include: 

  1. File I/O corruptions
  2. API contract violations
  3. Null references
  4. Process/threading deadlock problems
  5. Incorrect type checking
  6. Expression logic mistakes
  7. Regular expression mistakes
  8. Invalid time/date formatting
  9. Resource leaks
  10. Portability limitations

The most important security vulnerabilities include:

  1. Missing input data sanitization
  2. Insecure password handling
  3. Protocol insecurities
  4. Indefensive permissions
  5. Man-in-the-Middle attacks
  6. Weak cryptography algorithms
  7. Lack of information hiding

"As developers enter a new year and decade, we want them to be aware of the most important coding problems for 2020 and beyond," said Paskalev. "With DeepCode by their side, they'll be able to make sure that these issues and countless others don't affect their software."