The use of deprecated or obsolete functions could indicate neglected code.
As programming languages evolve, methods occasionally become obsolete due to:
- Advances in the language
- Improved understanding of how operations should perform effectively and securely
- Changes in the conventions that govern certain operations
Methods that are removed from a language are usually replaced by newer counterparts that perform the same task in a different, and hopefully better, way.

Not all functions are deprecated or replaced because they pose a security risk. However, the presence of an obsolete function often indicates that the surrounding code has been neglected and may be in a state of disrepair. Software security has not been a priority, or even a consideration, for very long. If the program uses deprecated or obsolete functions, it raises the probability that there are security problems lurking nearby.
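The check this rule describes, locating calls to obsolete functions so that the surrounding code can be reviewed, can be automated with a small AST-based scanner. The following is an added illustration, not code from the original text or from any particular analysis tool. The lookup table of obsolete functions and their replacements is an assumption for this example, built from the Python standard library's own deprecation notes (`tempfile.mktemp`, `os.tempnam`, `os.tmpnam`, `ssl.wrap_socket`), and the `SAMPLE` source it scans is constructed here. The scanner resolves import aliases so that `from tempfile import mktemp` and `import os as o` are still matched.

```python
import ast
from dataclasses import dataclass

# Obsolete callables and their modern counterparts. This table is an
# assumption for the example; a real tool would carry a much larger one.
OBSOLETE = {
    "tempfile.mktemp": "tempfile.mkstemp or tempfile.NamedTemporaryFile",
    "os.tempnam": "tempfile.mkstemp",
    "os.tmpnam": "tempfile.mkstemp",
    "ssl.wrap_socket": "ssl.SSLContext.wrap_socket",
}


@dataclass
class Finding:
    line: int          # source line of the call
    name: str          # fully qualified obsolete function
    replacement: str   # suggested modern counterpart


def _dotted_name(node):
    """Rebuild 'pkg.mod.func' from a Call's func expression, or None if it
    is not a plain name/attribute chain (e.g. a call on a call result)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source, table=OBSOLETE):
    """Return a Finding for every call to a function listed in `table`,
    sorted by line number."""
    tree = ast.parse(source)

    # Map local names back to what they import:
    #   'import os as o'              -> o: os
    #   'from tempfile import mktemp' -> mktemp: tempfile.mktemp
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        head, _, rest = name.partition(".")
        full = aliases.get(head, head) + ("." + rest if rest else "")
        if full in table:
            findings.append(Finding(node.lineno, full, table[full]))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input: a small module mixing obsolete calls with
# their replacements. Only the obsolete calls should be reported.
SAMPLE = '''\
import os
import tempfile
from ssl import wrap_socket

def scratch():
    path = tempfile.mktemp()        # obsolete: name is reused before open
    fd, safe = tempfile.mkstemp()   # replacement, must not be flagged
    return path, safe

def legacy(sock):
    return wrap_socket(sock)        # obsolete, imported under its bare name
'''


if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.name} is obsolete; consider {f.replacement}")
```

A hit from this scanner is a prompt for review rather than a verdict: as the text notes, the obsolete call itself may be harmless, but the code around it deserves the same scrutiny the rest of the neglected module has probably not received.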
[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 477