Study: Thousands more vulnerabilities reported in 2014 than previous years


Last year saw thousands more bugs reported to the National Vulnerability Database (NVD) than in years prior, according to a Wednesday blog post from GFI Software, which takes a look at more than 7,000 vulnerabilities added to the NVD in 2014.

Christian Florian, product manager at GFI Software, wrote in the post that 7,038 vulnerabilities – 83 percent of which are in third-party applications – were added to the NVD in 2014, and 1,705 of them (24 percent) were considered high severity bugs.

The overall number represents a spike when compared to the 4,794 bugs added in 2013, of which 1,612 were deemed high in severity, and the 4,347 added in 2012, of which 1,488 were deemed high in severity, according to the post.

When it comes to vulnerabilities in operating systems in 2014, the post states that 147 bugs were reported in Apple's OS X – 64 were considered high severity bugs – and 119 flaws were reported in the Linux kernel, with 24 being deemed high in severity.

The post provides more of a breakdown for Microsoft operating systems such as Windows Server 2008, Windows 7 and Windows 8.1. Each of the seven listed Microsoft operating systems had between 30 and 38 vulnerabilities reported in 2014, and between 22 and 26 of the bugs reported in each operating system are considered high in severity.

Apple's iOS is the only mobile operating system on the list – 127 vulnerabilities were reported in iOS in 2014, with 32 being considered high severity bugs, the post indicated.

“Mobile OS, like iOS, are being developed very fast and each version [has] a lot of new features,” Michael Shaulov, CEO of Lacoon Mobile Security, said in a Tuesday email correspondence. “It's also a new OS, so that would make sense that they would have a [fair] amount of vulnerabilities.”

Regarding vulnerabilities in applications in 2014, Internet Explorer was listed in the post as having 242 reported bugs, Chrome was listed as having 124 reported bugs, and Firefox was listed as having 117 reported bugs.

Additionally, 104 vulnerabilities were reported in Oracle Java and 76 flaws were reported in Adobe Flash Player, according to the post.
