75% of commercial applications include outdated open source code with vulnerabilities

Synopsys analyzed 1253 commercial codebases and concluded that almost all (99%) of the commercial applications reviewed include at least one open source component, and that 70% of the code in the repositories reviewed is open source. For comparison, in a similar study in 2015 the share of open source code was 36%.

However, in most cases the third-party open source code in use is not updated and contains potential security problems: 91% of the codebases analyzed have open source components that have not been updated for more than 5 years, or that have been abandoned for at least two years and are no longer maintained by their developers. As a result, 75% of the open source code identified in the repositories contains unpatched known vulnerabilities, half of which are high-risk. In the 2018 sample, the share of code with vulnerabilities was 60%.

The most frequently encountered dangerous vulnerability was CVE-2018-16487 (remote code execution) in the lodash library for Node.js, vulnerable versions of which were encountered more than 500 times. The oldest unpatched vulnerability was an issue in the lpd daemon (CVE-1999-0061), fixed in 1999.

Beyond security, the codebases of commercial projects also show a negligent attitude toward complying with the terms of free licenses.
In 73% of the codebases, problems were found with the legality of the open source usage, for example incompatible licenses (usually GPL code included in commercial products without opening the derivative product) or use of code without specifying a license. 93% of all licensing problems occur in web and mobile applications. In games, virtual reality systems, multimedia and entertainment software, violations were found in 59% of cases.

In total, the study identified 124 open source components that are frequently used across all codebases. The most popular are jQuery (55%), Bootstrap (40%), Font Awesome (31%), Lodash (30%) and jQuery UI (29%). As for programming languages, the most popular are JavaScript (used in 74% of projects), C++ (57%), Shell (54%), C (50%), Python (46%), Java (40%), TypeScript (36%), C# (36%), Perl (30%) and Ruby (25%). The overall share of each programming language is: JavaScript (51%), C++ (10%), Java (7%), Python (7%), Ruby (5%), Go (4%), C (4%), PHP (4%), TypeScript (4%), C# (3%), Perl (2%) and Shell (1%).

Source: opennet.ru
