Increase in Available Security Patches + Decrease in Patch Rates = Broken Software Supply Chain

(March 13, 2017)

Annual Flexera Vulnerability Review Shows 81 Percent of All Vulnerabilities Had Available Patches, Yet Common Software Programmes Remain Unpatched

Flexera Software, the leading provider of Software Vulnerability Management solutions for application producers and enterprises, today released Vulnerability Review 2017, the annual report from Secunia Research at Flexera Software, which presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security vulnerability threat to IT infrastructures, and explores vulnerabilities in the 50 most popular applications on private PCs.

Vulnerabilities are a root cause of security issues - errors in software that can work as an entry point for hackers, and be exploited to gain access to IT systems. In 2016, Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. The breadth of the problem illustrates the challenge faced by IT teams trying to protect their environment against security breaches without the necessary automation. For organisations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed.
1. In 2016, Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors.
2. 81 percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.
3. 22 zero-day vulnerabilities were discovered in total in 2016, a decrease of 4 compared to the year before.
4. 18 percent of the 3,416 advisories released in 2016 were rated as 'Highly Critical', and 0.5 percent as 'Extremely Critical'.
5. In 2016, 713 vulnerabilities were discovered in the five most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari. That is a 27.5 percent decrease from 2015.
6. In 2016, 289 vulnerabilities were discovered in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.

The 50 Most Popular Applications on Private PCs
7. 1,626 vulnerabilities were discovered in 25 products in the Top 50 most popular applications on private PCs.
8. 77.5 percent of vulnerabilities in the 50 most popular applications on private PCs in 2016 affected non-Microsoft applications, by far outnumbering the 9 percent of vulnerabilities found in the Windows 7 operating system or the 13.5 percent of vulnerabilities discovered in Microsoft applications.
9. The 15 non-Microsoft applications only account for 29 percent of products but are responsible for 77.5 percent of the vulnerabilities discovered in the Top 50. Microsoft applications (including the Windows 7 operating system) account for 71 percent of the products in the Top 50, but were only responsible for 22.5 percent of the vulnerabilities.
10. Over a five year period, the share of vulnerabilities in non-Microsoft applications hovers around 78 percent in the Top 50.
11. The total number of vulnerabilities in the Top 50 most popular applications was 1,626 in 2016, showing a 15 percent increase in the five-year trend. Most of these were rated by Secunia Research at Flexera Software as either 'Highly critical' (65 percent) or 'Extremely critical' (7.5 percent).
12. 92.5 percent of vulnerabilities in the Top 50 had patches available on the day of disclosure in 2016.

About the Vulnerability Review 2017

The annual Vulnerability Review from Secunia Research at Flexera Software analyses the evolution of software security from a vulnerability perspective. It presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.

Identifying the 50 Most Popular Applications in the Top 50 Portfolio

To assess how exposed endpoints are, we analyse the types of products typically found on an endpoint. For this analysis, we use anonymous data gathered from scans throughout 2016 of the Personal Software Inspector users' computers - with an average of 75 programmes installed on them. From country to country and region to region, there are variations as to which applications are installed. For the sake of clarity, we have chosen to focus on the state of a representative portfolio of the 50 most common applications found on the computers. These 50 applications are comprised of 35 Microsoft applications, and 15 non-Microsoft applications.

Methodology

Different approaches to counting vulnerabilities are adopted by research houses in the vulnerability management space. Secunia Research counts vulnerabilities per product the vulnerability appears in. We apply this method to reflect the level of information our customers need, to keep their environments secure, i.e. verified intelligence on all products affected by a given vulnerability.

Although Apple Safari for Windows is categorized as end-of-life by Secunia Research, because it has not received maintenance and development for a period of three years, it is still found on 6% of PCs.