Flexera Software - The leading provider of software licensing, entitlement management, installation, and application readiness

On November 2, 2015, the Secunia blog will be moving

In September 2015, Secunia was acquired by Flexera Software.

The blog posts and news on secunia.com will therefore be moved to a brand new Software Vulnerability Management section on FlexeraSoftware.com

From November 2 you can visit us there, for an uninterrupted stream of news about the Software Sulnerability Management solutions and Secunia Research.

Get this blog as an RSS Feed

HelpNet Article: The vulnerability species: Origin and evolution

14:00 CET, 28th January 2011 By Secunia.

There is an on-going arms-race in the IT security industry between vendors striving to produce secure software, and researchers’ and cybercriminals’ efforts (and successes) in finding new vulnerabilities in software. The number of vulnerabilities in general over the last five years reached over 4,300 on average per year with no significant up- or downward trend. During the period from 2009 to 2010, the number actually decreased by 3%. Therefore it is fair to say that, on a large scale, the security ecosystem appears to be in a sort of state of equilibrium regarding the current rate of vulnerabilities. Vulnerabilities are counted as the number of unique CVEs.

However, computer users cannot be complacent. Significantly, Secunia’s Yearly Report for 2010 revealed that out of more than 4,000 vendors on the market today, just 14 vendors with products in use on millions of private and corporate systems daily, were responsible for over half of the vulnerabilities discovered in the last two years: Adobe Systems, Apache Software Foundation, Apple, Cisco, Google, HP, IBM, Kernel.org, Microsoft, Mozilla Organization, Novell, Oracle (includes Sun Microsystem, BEA, and Peoplesoft as a result of recent acquisitions), RealNetworks, and VMware.

The evolving vulnerability threat

Unfortunately vulnerabilities are still the ‘Achilles’ Heel’ of any IT system particularly for end-point PCs. An alarming trend for this sub-section was also highlighted: cybercriminals are now focusing their specific efforts on end-users. Vulnerabilities on end-points are commonly exploited when users visit a malicious website (with content controlled or injected by an attacker), or open data, files, or documents with one of the numerous programs and plug-ins installed on their end-points. The sheer variety and prevalence of programs found on typical end-points, coupled with unpredictable user usage patterns, make end-points an attractive and easy to exploit target for cybercriminals.

To read the rest of the article, visit HelpNet at: http://www.net-security.org/article.php?id=1553

Discuss this press release
A new thread in our forum is created. Activate the thread by commenting/discussing below.

Subject: HelpNet Article: The vulnerability species: Origin and evolution

No posts yet
You must be logged in to post a comment.