{"id":38709,"date":"2020-12-15T14:22:11","date_gmt":"2020-12-15T14:22:11","guid":{"rendered":"http:\/\/ff4f5a26-97b5-460b-83b9-130247caa012"},"modified":"2020-12-15T14:22:11","modified_gmt":"2020-12-15T14:22:11","slug":"programming-language-security-these-are-the-worst-bugs-for-each-top-language","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/","title":{"rendered":"Programming language security: These are the worst bugs for each top language"},"content":{"rendered":"<p>If you&#8217;re a developer writing code in .NET, C++, Java, JavaScript, PHP or Python, new research highlights the main security vulnerabilities you need to watch out for.&nbsp; <\/p>\n<p>Static code analysis security firm Veracode has released numbers on the types of vulnerabilities that are most prevalent in 130,000 apps it scanned for security issues.&nbsp; <\/p>\n<p>It has looked at bug trends across apps written in .NET, C++, Java, JavaScript, PHP or Python. The numbers are compiled in <a href=\"https:\/\/www.veracode.com\/sites\/default\/files\/pdf\/resources\/ipapers\/security-flaw-heatmap\/index.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Veracode&#8217;s State of Software Security volume 11 report<\/a>.&nbsp; <\/p>\n<p>For JavaScript, the most popular language for front-end development, Veracode found that 31.5% of these apps have at least one cross-site scripting (XSS) flaw, while it found 74.6% of apps written in PHP have at least one XSS flaw. Additionally, 71% of PHP apps have cryptographic issues.&nbsp; <\/p>\n<p>The main issue for applications written in .NET is information leakage, found in 62.8% of .NET apps, while for C++ error handling is the top issue, found in 66.5% of these apps.&nbsp; <\/p>\n<p>And for Java apps, the top flaw found is Carriage Return or Line Feed or CRLF injection, present in 64.4% of them. Finally, the top security problem for Python apps, present in 35% of them, relates to cryptography. &nbsp; <\/p>\n<p>There is also a major difference between the severity of flaws found in apps in each language. Veracode found that 59% of apps written in C++ and 52% of apps written in PHP have high-severity flaws. However, it found only 9.6% of apps written in JavaScript have high-severity flaws. The high-severity flaw figure for Java is 24%. &nbsp; <\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\"> <\/section>\n<p>Veracode chief research officer Chris Eng explained to ZDNet why some of these trends in vulnerabilities in apps written in different languages are occurring and how to ensure they don&#8217;t become an expensive headache to fix. &nbsp; <\/p>\n<p>&#8220;When we look at the overall numbers, as an industry we haven&#8217;t eradicated any category of flaw over the past 10 years,&#8221; says Eng.&nbsp; <\/p>\n<p>&#8220;Nothing has completely gone away. A lot of things are fluctuating but when you look at the averages, it tends to more reflect the change in language choice and language popularity more than anything else. <\/p>\n<p>&#8220;We see buffer overflows that are common in C++ are trending down, not so much because we&#8217;ve gotten better as developers at reducing those issues but because C++ is becoming less prevalent.&#8221;&nbsp; <\/p>\n<p>On the other hand, the issues that affect JavaScript and Python are creeping up a bit because JavaScript is so popular right now, notes Eng. Java and .NET remain popular across the enterprise. <\/p>\n<p>PHP remains one of the most popular scripting languages for web application development, but Eng says the higher number of vulnerabilities in PHP code is because the language provides so many unsafe primitives and a lot of ways to do things wrong. <\/p>\n<p>&#8220;.NET was one of the first ones to make it a little harder to shoot yourself in the foot,&#8221; explains Eng.&nbsp; <\/p>\n<p>&#8220;You have safer defaults around a lot of the APIs and you see it&#8217;s a lot harder to make a cross-site scripting mistake or a SQL injection mistake in .NET than it is in PHP, where it will be default \u2013 unless you happen to be using one of these more modern frameworks that might provide more protections for you \u2013 there&#8217;s just a lot of ways you can mess up.&#8221; <\/p>\n<p>While Veracode found far fewer flaws in the JavaScript apps it analyzed, the vast npm ecosystem of open-source libraries for JavaScript and node.js is a potential weak spot, despite JavaScript&#8217;s safer defaults.&nbsp; <\/p>\n<p>&#8220;Even if you were to go and fix all the vulnerabilities you&#8217;ve coded yourself, you still have a pretty wide variety of third-party libraries,&#8221; says Eng.&nbsp; <\/p>\n<p>&#8220;Patching is really not as good as you would hope it would be. The trend is that developers download the latest version of the library at the time they need it and then they never update it again, unless something functionality-wise breaks.&#8221; <\/p>\n<p>How should engineering and product teams keep the hassle and cost of patching key applications down? Eng&#8217;s advice is to stay up to date and be aware of how much tech or security debt has built up in an application over time. At some point, the app will need to be fixed or patched, and that includes language updates and patches to key libraries.&nbsp; <\/p>\n<p>&#8220;If I&#8217;m version on 4.5 and version 4.6 comes out, I can apply that patch with very little chance of anything breaking functionality-wise. No open-source library is coming to make a major change to the library in a minor version. Now if you&#8217;re on version 2 and then you have to upgrade to version 4.6, there&#8217;s gonna be a lot of pain,&#8221; says Eng.&nbsp; &nbsp; <\/p>\n<p>This particular issue about updating libraries could be bigger for JavaScript via the huge npm ecosystem, but there are also large ecosystems around Java with Maven and Python with PyPI.&nbsp; <\/p>\n<p>Eng says the average JavaScript application has about 400 dependencies. If you go up to the 90th percentile of JavaScript applications, these can have 1,000 or 2,000 dependencies.&nbsp; <\/p>\n<p>Application security firm Snyk recently <a href=\"https:\/\/www.zdnet.com\/article\/more-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies\/\" target=\"_blank\" rel=\"noopener noreferrer\">explained to ZDNet how most security bugs affecting JavaScript, Ruby, Java, PHP and Python<\/a> are due to indirect dependencies of primary components loaded inside a project. &nbsp; &nbsp; <\/p>\n<p>Then there are some very popular JavaScript libraries that are being used by 80% to 90% of all JavaScript applications out there. <\/p>\n<p>&#8220;Any time there&#8217;s a vulnerability in one of these packages, you inherit that risk. And it&#8217;s not just security risk,&#8221; says Eng. &nbsp; <\/p>\n<p>He points to the case of the left-pad JavaScript library <a href=\"https:\/\/www.zdnet.com\/article\/disgruntled-developer-breaks-thousands-of-javascript-node-js-apps\/\">that a developer removed from npm in 2016 following a dispute<\/a>.&nbsp; <\/p>\n<p>&#8220;It disappears off GitHub and suddenly two-thirds of the internet breaks because they were depending on this four-line library to determine whether a number was left-padded with zeros.&#8221; <\/p>\n<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/zdnet1.cbsistatic.com\/hub\/i\/r\/2020\/12\/15\/db92fec1-c0b5-4909-9769-a86eec100f8e\/resize\/1200xauto\/b2b5151eea3f68ef0fd38c3a27b7c50e\/veracodesecurityflawlanguageheatmapdec20.jpg\" class alt=\"veracodesecurityflawlanguageheatmapdec20.jpg\" height=\"auto\" width=\"1200\"><\/span><figcaption readability=\"2\"><span class=\"caption\" readability=\"4\"><\/p>\n<p>Veracode&#8217;s numbers show by language the types of vulnerabilities most prevalent in 130,000 apps it scanned. &nbsp;<\/p>\n<p><\/span><span class=\"credit\"> Image: Veracode <\/span><\/figcaption><\/figure>\n<h3>More on programming languages<\/h3>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-language-python-first-version-released-to-run-natively-on-apple-m1\/\"><strong>Programming language Python: First version released to run natively on Apple M1<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/javascript-at-25-the-programming-language-that-makes-the-world-go-round\/\"><strong>JavaScript at 25: The programming language that makes the world go round<\/strong><\/a><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-languages-python-rules-rust-and-julia-rise-as-java-declines\/\"><strong>Programming languages: Python rules as Java declines<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-languages-microsoft-typescript-leaps-ahead-of-c-php-and-c-on-github\/\"><strong>Programming languages: Microsoft TypeScript leaps ahead of C#, PHP and C++ on GitHub<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-language-php-8-is-out-this-new-jit-compiler-points-to-better-performance\/\"><strong>Programming language PHP 8 is out: This new JIT compiler points to better performance<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/amazon-were-hiring-software-engineers-who-know-programming-language-rust\/\"><strong>Amazon: We&#8217;re hiring software engineers who know programming language Rust<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-language-pythons-popularity-ahead-of-java-for-first-time-but-still-trailing-c\/\"><strong>Programming language Python&#8217;s popularity: Ahead of Java for first time but still trailing C<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/linux-foundation-well-host-mozillas-rust-programming-language-based-servo-web-engine\/\"><strong>Linux Foundation: We&#8217;ll host Mozilla&#8217;s Rust programming language-based Servo web engine<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/2020s-fastest-rising-tech-jobs-programming-language-php-leads-the-way\/\"><strong>2020&#8217;s fastest-rising tech jobs? Programming language PHP leads the way<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-language-popularity-javascript-leads-5-million-new-developers-since-2017\/\"><strong>Programming language popularity: JavaScript leads \u2013 5 million new developers since 2017<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/programming-language-python-is-a-big-hit-for-machine-learning-but-now-it-needs-to-change\/\"><strong>Programming language Python is a big hit for machine learning. But now it needs to change<\/strong><\/a><strong>&nbsp;&nbsp;<\/strong><\/li>\n<li><strong><a href=\"https:\/\/www.techrepublic.com\/article\/is-julia-the-next-big-programming-language-mit-thinks-so-as-version-1-0-lands\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Is Julia the next big programming language? MIT thinks so, as version 1.0 lands<\/a>&nbsp;TechRepublic<\/strong>&nbsp;&nbsp;<\/li>\n<li><strong><a href=\"https:\/\/www.cnet.com\/news\/mozilla-open-source-firefox-move-helped-rewrite-tech-rules-anniversary\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Mozilla&#8217;s radical open-source move helped rewrite rules of tech<\/a>&nbsp;CNET<\/strong><\/li>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>C++ and PHP have far more high-severity security flaws than programming languages like JavaScript and Python.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":38710,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-38709","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Programming language security: These are the worst bugs for each top language 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Programming language security: These are the worst bugs for each top language 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-15T14:22:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"343\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Programming language security: These are the worst bugs for each top language\",\"datePublished\":\"2020-12-15T14:22:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/\"},\"wordCount\":1188,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/\",\"name\":\"Programming language security: These are the worst bugs for each top language 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg\",\"datePublished\":\"2020-12-15T14:22:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg\",\"width\":1200,\"height\":343},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Programming language security: These are the worst bugs for each top language\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Programming language security: These are the worst bugs for each top language 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/","og_locale":"en_US","og_type":"article","og_title":"Programming language security: These are the worst bugs for each top language 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-12-15T14:22:11+00:00","og_image":[{"width":1200,"height":343,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Programming language security: These are the worst bugs for each top language","datePublished":"2020-12-15T14:22:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/"},"wordCount":1188,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/","url":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/","name":"Programming language security: These are the worst bugs for each top language 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg","datePublished":"2020-12-15T14:22:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/programming-language-security-these-are-the-worst-bugs-for-each-top-language.jpg","width":1200,"height":343},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/programming-language-security-these-are-the-worst-bugs-for-each-top-language\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Programming language security: These are the worst bugs for each top language"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38709"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38709\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/38710"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}