Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

10K vulnerabilities in nearly 2K products, report says

While many focus on the vulnerabilities in Windows, OS and even Linux products, the bugs in less popular software could pose an equal threat to corporate infrastructure.

Researchers at the security firm Secunia recorded bugs in products from Oracle Solaris, IBM i5/OS, and F5 TMOS, among others. Between Jan. 1 and July 31 of this year Secunia detected 9,225 vulnerabilities in 1,993 products, according to the Vulnerability Update report. While these numbers are on par with last year, the report noted there has been a slight uptick in the amount of vulnerabilities that were labeled “extremely critical” and “highly critical.”

Of all the vendors monitored, IBM had the most vulnerable products with the researchers finding 500-plus bugs in more than a dozen of the company's products between May and July 2015 alone. The report also noted that the Avant Browser was the single most buggy product with 206 vulnerabilities reported last quarter. It is unclear whether any of these vulnerabilities have been patched.

“There are a lot of applications that are insecure that people don't know about,” Kasper Lindgaard, Secunia director of research and security told SCMagazine.com.

Lingaard went on to say that the amount of venders producing these vulnerable products is decreasing however the amount of vulnerable products has been increasing. He said it is unclear if this is the result of a smaller amount of venders producing more vulnerable products or not.

The report did note that the Stagefright scare helped to boost mobile security efforts in third party Android developers. 

"While there is no question that the Stagefright vulnerabilities were a nasty bunch, some good did come of the scare," the report said.

Researchers said the pledge between Google, Samsung and LG to send out monthly security patches and similar efforts made by other Android developers is a step in the right direction.  

 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.