State of Product Security Report 2023-2025

This report presents findings from product security reviews conducted by Bishop Fox between 2023 and 2025. It outlines the most common product security weaknesses identified during hands-on testing, emphasizing that attackers often exploit basic, preventable flaws rather than relying on advanced exploits. The report details how vulnerabilities vary across different industries and discusses the implications of these weaknesses, including regulatory risks and impacts on brand trust. A significant focus is placed on the severity distribution of identified issues, revealing that while critical flaws are rare, medium and low-severity findings constitute a majority of the vulnerabilities, creating opportunities for compromise. The report categorizes the most common weaknesses, including authentication failures, exposed interfaces, weak cryptography, and insecure configurations, providing a clear path forward for improving product security.