While C is a popular programming language, it is also known for its many security flaws. According to WhiteSource, a popular open source security and license compliance management platform, the C programming language had the highest number of security vulnerabilities, accounting for 50% of the total reported open source security vulnerabilities in the last ten years.
A study conducted by WhiteSource highlights that 46.0% of reported open source vulnerabilities in the last ten years were found in the C programming language. PHP was the second most insecure programming language, accounting for 16.7% of all security vulnerabilities, while Java ranked third with 11.4% of security issues.
Most of the vulnerabilities found in the C programming language were buffer errors and input validation errors. The report highlights the many reasons why C is not a well-maintained programming language from a security standpoint.
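To make the two vulnerability classes named above concrete, here is an added example (it is not code from the WhiteSource report or from any project it mentions). It shows an unchecked copy into a fixed-size buffer next to a hardened version that validates the input length first, and a numeric field parser that rejects out-of-range or malformed values instead of trusting them. The buffer size `NAME_MAX`, the function names and the sample inputs are all assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed field size for this example. */
#define NAME_MAX 16

/*
 * Buffer error: strcpy() copies until it finds a NUL in src, so any
 * input of NAME_MAX bytes or more writes past the end of dst.
 * Kept here only to show the pattern; never call it with untrusted data.
 */
void copy_name_unchecked(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src); /* no bounds check at all */
}

/*
 * Hardened form: validate before copying. Returns 0 on success, -1 when
 * the input is missing or does not fit (including its terminator).
 * memchr() is bounded by NAME_MAX, so an unterminated input cannot
 * make us scan past the buffer we are allowed to read.
 */
int copy_name_checked(char dst[NAME_MAX], const char *src)
{
    if (src == NULL)
        return -1;
    const char *nul = memchr(src, '\0', NAME_MAX);
    if (nul == NULL)
        return -1; /* NAME_MAX bytes without a NUL: too long */
    size_t n = (size_t)(nul - src);
    memcpy(dst, src, n + 1); /* n + 1 <= NAME_MAX, so this fits */
    return 0;
}

/*
 * Input validation for a numeric field: reject empty strings, trailing
 * garbage, overflow, and values outside the legal port range, rather
 * than accepting whatever atoi() would return.
 */
int parse_port(const char *s, int *out)
{
    if (s == NULL || *s == '\0')
        return -1;
    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1; /* overflow or non-numeric suffix */
    if (v < 1 || v > 65535)
        return -1; /* outside valid TCP/UDP port range */
    *out = (int)v;
    return 0;
}

int main(void)
{
    char name[NAME_MAX];
    /* Constructed inputs: one that fits, one that is exactly NAME_MAX bytes. */
    const char *ok_input = "alice";
    const char *too_long = "0123456789abcdef";

    printf("checked copy of \"%s\": %s\n", ok_input,
           copy_name_checked(name, ok_input) == 0 ? name : "rejected");
    printf("checked copy of \"%s\": %s\n", too_long,
           copy_name_checked(name, too_long) == 0 ? name : "rejected");

    int port;
    const char *ports[] = { "443", "70000", "80x", "" };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        if (parse_port(ports[i], &port) == 0)
            printf("port \"%s\" -> %d\n", ports[i], port);
        else
            printf("port \"%s\" -> rejected\n", ports[i]);
    }
    return 0;
}
```

The checked copy refuses an input rather than silently truncating it, which keeps the caller aware that validation failed; a quiet truncation can itself become a logic bug when the shortened value is later used for a lookup or comparison.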
The C programming language underpins many other software projects that are popular among developers. Projects like the Linux kernel, OpenSSL and PHP are written in C. A large number of vulnerabilities have accumulated in these projects over the years, so the C programming language is indirectly the cause of all of those problems.
There was a spike in reported vulnerabilities in 2017 due to growing awareness of open source security vulnerabilities and also as a result of an increase in bug bounty programs.