The list of the top 25 most common and dangerous software bugs for 2022 has been released by MITRE, a not-for-profit American organization.

The top five bugs

The top five bugs impacting software throughout the last two calendar years are:
  • CWE-787: Out-of-bounds Write, KEV count (CVEs): 62
  • CWE-79: Cross-site Scripting, KEV count (CVEs): 2
  • CWE-89: SQL Injection, KEV count (CVEs): 7
  • CWE-20: Improper Input Validation, KEV count (CVEs): 20
  • CWE-125: Out-of-bounds Read, KEV count (CVEs): 1

To create this list, MITRE scored each weakness on its prevalence and its severity. The organization analyzed data for 37,899 CVEs drawn from NIST's National Vulnerability Database (NVD) and CISA's Known Exploited Vulnerabilities (KEV) Catalog.

How can bugs harm the system?

  • These software bugs can expose the systems they run on to attack.
  • That exposure could enable threat actors to take control of affected devices and gain access to sensitive information.

Impact of the bugs

  • The top 25 bugs in MITRE's list are considered highly critical because they are usually easy to discover, have a high impact, and are prevalent in software released during the last two years.
  • The bugs in the software weaknesses category include flaws, vulnerabilities, and various other errors found extensively in the code, architecture, implementation, or design of software solutions.

Conclusion

Every year, cybersecurity authorities around the world publish the vulnerabilities that threat actors commonly exploit and that represent substantial risk to large enterprises.
Cyware Publisher