1,208 Vulnerabilities Discovered in the 50 Most Popular Applications in 2013

Secunia Vulnerability Review 2014

The Secunia Vulnerability Review 2014 has been released. The report shows that a total of 1,208 vulnerabilities were discovered last year in the top 50 most popular applications. A total of 13,073 flaws were reported in all products in 2013.

76% of these vulnerabilities impacted third party software, the rest of the security holes being uncovered in Microsoft programs. However, it’s worth noting that the third party programs in which the vulnerabilities have been found represent only 34% of the 50 most popular applications installed on private computers.

“It is one thing that third-party programs are responsible for the majority of vulnerabilities on a typical PC, rather than Microsoft programs. However, another very important security factor is how easy it is to update Microsoft programs compared to third-party programs,” said Secunia CTO Morten R. Stengaard.

“Quite simply, the automation with which Microsoft security updates are made available to end users – through auto-updates, Configuration Management systems and update services – ensures that it is a reasonably simple task to protect private PCs and corporate infrastructures from the vulnerabilities discovered in Microsoft products,” Stengaard added.

“This is not so with the large number of third-party vendors, many of whom lack either the capabilities, resources or security focus to make security updates automatically and easily available.”

The report highlights the fact that 86% of the security bugs discovered in 2013 in the top 50 most popular products were actually patched on the day on which their existence was made public. In general, 79% of vulnerabilities identified in all products had patches available on the day of disclosure.

“With these numbers in mind, we can conclude that intelligent, comprehensive and deployable patch management goes a long way towards protecting IT infrastructures. And supported by an effective risk management strategy it is possible for organizations to meet the threat posed by vulnerabilities, and to protect the business-critical and sensitive information they store in their systems,” Stengaard said.

The vulnerability review analyzes the breach suffered last year by the US Department of Energy, which impacted over 100,000 people and cost the government $1.6 million (€1,17 million).

The breach – possible due to a combination of managerial and technological weaknesses – is a perfect example of why organizations need to gain proper visibility into their networks. Stengaard highlights the need for visibility so that enterprises are capable of determining the “criticality of a threat to their data.”

The complete Secunia Vulnerability Review 2014 is available on the company’s website.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s