State of DevSecOps report finds 90% of Java services susceptible to vulnerabilities in third-party libraries.

Java services are the most impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog.

Released on April 17, the report found that 90% of Java services were susceptible to one or more critical or high-severity vulnerabilities introduced by a third-party library. The average for other languages was 47%. Datadog’s report analyzed tens of thousands of applications and container images and thousands of cloud environments to assess application security.

Following Java in the vulnerabilities assessment were JavaScript, at roughly 70%; Python, at 62%; .NET, at 50%; PHP, at 35%; and Go (golang) and Ruby, both at about 32%.

Java services also were most likely to be vulnerable to real-world exploits with documented use by attackers. From a vulnerabilities list maintained by the US Cybersecurity and Infrastructure Security Agency, 55% of Java services were affected, as opposed to 7% of those built using other languages.

Additional findings from the report include:

- At least 38% of organizations leveraging Amazon Web Services (AWS) had deployed workloads or completed sensitive actions manually through the AWS console in a production environment within a 14-day period, meaning they were relying on risky click operations instead of automation.
- 63% of organizations continue to rely on long-lived credentials—one of the most common causes of data breaches—in CI/CD pipelines, even in cases where short-lived ones would be more practical and secure.
- Only a small portion of identified vulnerabilities were worth prioritizing.
- Adoption of infrastructure as code was high, but varied across cloud providers.
- The vast majority of attacks performed by automated security scanners were harmless and only generated noise for defenders.
- Lightweight container images lead to fewer vulnerabilities.

Datadog said its findings demonstrate that modern devops practices go hand in hand with strong security measures. Security itself helps drive operational excellence, the company said. But security is only realistic when practitioners are given enough context and prioritization to focus on what matters.