16,081 Vulnerabilities Recorded in Close to 2,500 Applications in 2015

March 2016 by Flexera Software

Flexera Software released the Vulnerability Review 2016, the annual report from Secunia Research at Flexera Software, which presents
global data on the prevalence of vulnerabilities and the availability of patches,
maps the security vulnerability threat to IT infrastructures, and also explores
vulnerabilities in the 50 most popular applications on private PCs.

Vulnerabilities are a root cause of security issues – errors in software that can
work as an entry point for hackers and be exploited to gain access to IT systems. In
2015, Secunia Research at Flexera Software recorded a total of 16,081
vulnerabilities in 2,484 products from 263 vendors. The breadth of the problem –
16,081 vulnerabilities across 2,484 vulnerable products – illustrates the
challenge faced by IT teams trying to protect their environment against security
breaches. For organisations to stay on top of their environments, IT teams must have
complete visibility of the applications that are in use, and firm policies and
procedures in place, in order to deal with the vulnerabilities as they are
disclosed.

Drop in number of vulnerable products and number of vendors

The corresponding numbers for 2014 were 15,698 vulnerabilities in 3,907 products
from 514 vendors.

“The substantial 36 percent drop in number of products and 49 percent drop in
vendors primarily reflects an adjustment in focus from Secunia Research to only
monitor the systems and applications in use in the environments of customers of
Flexera Software’s Software Vulnerability Management product line. This change is
caused by a continuous rise in the number of vulnerabilities reported in recent
years, and we are currently seeing other research houses choosing similar strategies
– CVE Mitre, for example,” explained Kasper Lindgaard, Director of Secunia
Research at Flexera Software.

Patch Rates and Zero-day Vulnerabilities

Other findings in the Vulnerability Review 2016 confirm trends from previous years:
at 25, the number of zero-day vulnerabilities was the same as in 2014; the split
between vulnerabilities in Microsoft and non-Microsoft products in the 50 most
popular applications on private PCs is at 21 percent and 79 percent. And most
vulnerabilities – 84 percent – have a patch available on the day of disclosure.
30 days after a vulnerability was first disclosed, only one additional percent of
vulnerabilities has a patch. Particularly for organisations with a vast array of
endpoints to manage, including devices not regularly connected to corporate
networks, this means that a variety of mitigating software vulnerability
management efforts are required to ensure sufficient protection.

Key findings from the Vulnerability Review 2016

Total Numbers across All Applications
 1. In 2015, Secunia Research at Flexera Software recorded a total of 16,081
vulnerabilities in 2,484 products from 263 vendors.
 2. 84 percent of vulnerabilities in all products had patches available on the day
of disclosure in 2015.
 3. 25 zero-day vulnerabilities were discovered in total in 2015, the same number
as the year before.
 4. 13.3 percent of the 16,081 vulnerabilities discovered in 2015 were rated as
‘Highly Critical’, and 0.5 percent as ‘Extremely Critical’.
 5. In 2015, 1,114 vulnerabilities were discovered in the five most popular
browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari[1].
That is a 4 percent increase from 2014.
 6. In 2015, 147 vulnerabilities were discovered in the five most popular PDF
readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF
Reader.

The 50 Most Popular Applications on Private PCs
 7. 2,048 vulnerabilities were discovered in 25 products in the Top 50 most
popular applications on private PCs.
 8. 79 percent of vulnerabilities in the 50 most popular applications on private
PCs in 2015 affected non-Microsoft applications, by far outnumbering the 7 percent
of vulnerabilities found in the Windows 7 operating system or the 14 percent of
vulnerabilities discovered in Microsoft applications.
 9. The 17 non-Microsoft applications only account for 33 percent of products but
are responsible for 79 percent of the vulnerabilities discovered in the Top 50.
Microsoft applications (including the Windows 7 operating system) account for 67
percent of the products in the Top 50, but were only responsible for 21 percent of
the vulnerabilities.
 10. Over a five-year period, the share of vulnerabilities in non-Microsoft
applications hovers around 78 percent in the Top 50.
 11. The total number of vulnerabilities in the Top 50 most popular applications was
2,048 in 2015, showing a 77 percent increase in the five-year trend. Most of these
were rated by Secunia Research at Flexera Software as either ‘Highly critical’ (62.8
percent) or ‘Extremely critical’ (8.6 percent).
 12. 85 percent of vulnerabilities in the Top 50 had patches available on the day of
disclosure in 2015.


[1] Although Apple Safari for Windows is categorised as end-of-life by Secunia
Research, because it has not received maintenance and development for a period of
three years, it is still found on 7% of PCs.

