Flexera Software publishes an annual Vulnerability Review from Secunia Research, presenting global software vulnerability data for products in use in corporate environments. The annual review analyzes the evolution of software security from a vulnerability perspective. The Vulnerability Review 2016 presents global data on the prevalence of vulnerabilities and the availability of security patches, maps the security threat to IT infrastructures, and explores vulnerabilities in the 50 most popular applications.
Errors in software code work as an entry point for hackers and are often exploited to gain access to IT systems, which makes vulnerabilities a root cause of security issues. In 2015, Secunia Research at Flexera Software recorded over 16,000 vulnerabilities in software products from 263 vendors. The breadth of the problem – these vulnerabilities were found across 2,484 products – demonstrates the challenge faced by IT teams trying to protect their environment against cyber security breaches. The growing complexity of enterprise computing environments and the growing number of software assets mean that IT teams must have complete visibility into which applications are installed and in use, and firm policies and procedures in place to deal with the vulnerabilities as they are reported.
To assess how exposed endpoints are, Flexera analyzed the software products typically found on an endpoint. Throughout 2015, anonymous data was gathered from scans of the millions of private computers which have the Flexera Software Personal Software Inspector installed.
For the sake of clarity, the report focuses on a representative portfolio of the 50 most common products found on a typical computer and the most used operating system, and analyzes the state of the portfolio and operating system throughout the course of 2015. These 50 applications are comprised of 34 Microsoft applications and 16 non-Microsoft (third-party) applications. Different vendors have different security update mechanisms. Microsoft applications, which account for 69% of the applications in the Top 50 portfolio, are updated automatically.
But Microsoft applications are only responsible for 21% of the vulnerabilities discovered in the Top 50 portfolio. Therefore, the non-Microsoft applications in your corporate environment play a significant role in security efforts.
Other findings in the Vulnerability Review 2016 confirm trends from previous years: at 25, the number of zero-day vulnerabilities was the same as in 2014; the split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is at 21% and 79%. And most vulnerabilities – 84% – have a patch available on the day of disclosure.
Key findings from the Vulnerability Review 2016
1. Flexera Software recorded a total of 16,081 vulnerabilities in 2,484 products from 263 vendors.
2. 84% of vulnerabilities in all products had patches available on the day of disclosure.
3. 25 zero-day vulnerabilities were discovered. A zero-day vulnerability is a vulnerability that is being actively exploited by hackers before it is publicly known.
Download the Flexera Software Vulnerability Review 2016 for more key figures and facts on software vulnerabilities from a global information security perspective.
Timothy Davis is a Senior Product Marketing Manager at Flexera Software, and has worked in global marketing at high-tech firms such as BMC Software, VeriSign, McAfee, and Lotus. With over 25 years of experience in enterprise software, he has gained a deep understanding of the business challenges faced by IT organizations in enterprises of all sizes. Specializing in IT Service Management and Operations, Tim develops content that translates product features into real business benefits that help IT leaders learn about new and developing technologies that drive IT efficiency and improve customer satisfaction.