Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog.
Released on April 17, the report found that 90% of Java services were susceptible to one or more critical or high-severity vulnerabilities introduced by a third-party library. The average for other languages was 47%.
Datadog’s report analyzed tens of thousands of applications and container images and thousands of cloud environments to assess application security. Following Java in the vulnerabilities assessment were JavaScript, at roughly 70%; Python, at 62%; .NET, at 50%; PHP, at 35%; and Go (golang) and Ruby, both at about 32%.