90% of Java Services Vulnerable to Third-Party Library Issues, State of DevSecOps Report Finds
Java services are facing significant security challenges due to vulnerabilities in third-party libraries, according to the newly released “State of DevSecOps 2024” report by cloud security provider Datadog. The report, published on April 17, highlights that Java services are the most affected by such vulnerabilities compared to other programming languages.
The findings are striking: 90% of Java services were found to be susceptible to one or more critical or high-severity vulnerabilities originating from third-party libraries. This is substantially higher than the average vulnerability rate for other programming languages, which stands at 47%. This high susceptibility underscores a major concern for developers and organizations relying on Java for their services.
Datadog’s report is based on an extensive analysis of tens of thousands of applications and container images, as well as thousands of cloud environments. This comprehensive review aimed to provide a clear picture of application security across different languages and platforms. The results place Java at the top of the list in terms of exposure to vulnerabilities, with JavaScript following closely at approximately 70%, Python at 62%, and .NET at 50%. PHP, Go (Golang), and Ruby have relatively lower vulnerability rates, with PHP at 35% and Go and Ruby both at around 32%.
Moreover, Java services are not only prone to vulnerabilities but also appear more likely to carry vulnerabilities that are exploited in the wild. According to the report, 55% of Java services were affected by vulnerabilities documented as actively exploited by attackers, as listed in the Known Exploited Vulnerabilities catalog of the US Cybersecurity and Infrastructure Security Agency (CISA). In stark contrast, only 7% of services written in other languages were affected by such actively exploited vulnerabilities.
This disparity highlights the need for stronger security measures and closer monitoring of Java-based applications. Organizations running Java services should be particularly proactive in identifying and patching vulnerable third-party libraries, since those libraries are where most of the exposure originates.
In response to these findings, the report suggests that developers and security teams should prioritize rigorous vulnerability management practices and consider adopting more comprehensive tools and strategies for securing their Java applications. Addressing these vulnerabilities will be crucial for mitigating risks and protecting sensitive data in today’s increasingly complex digital landscape.