C is the least secure programming language, says study

The popularity of the C programming language, one of the oldest programming languages around, is indisputable. Portability and efficiency are among the top reasons for its popularity.

While C is a popular programming language, it is also known for its many security flaws. According to WhiteSource, a popular open source security and license compliance management platform, C accounted for 50% of the total reported open source security vulnerabilities in the last ten years, the highest share of any programming language.

A study conducted by WhiteSource highlights that 46.0% of reported open source vulnerabilities in the last ten years were found to be in the C programming language. PHP was the second most insecure programming language, accounting for 16.7% of all security vulnerabilities, while Java was the third least secure programming language with 11.4% of security issues.

Most of the vulnerabilities found in the C programming language were buffer errors and input validation errors. The report highlights the many reasons why C is not a well-maintained programming language from a security standpoint.

The C programming language is behind many software projects that are popular among developers. Projects like the Linux kernel, OpenSSL, and PHP are powered by C. A number of vulnerabilities have accumulated over the years in these projects, and the C programming language is indirectly the cause of all problems.

There was a spike in reported vulnerabilities in 2017 due to a growing awareness of open source security vulnerabilities and also as a result of an increase in bug bounty programs.