Is Your Security Software Secure? Not So Much. One Reason? Vulnerable Open Source Components

November 2016 by Flexera Software

With security software serving on the front line, protecting individuals and
enterprises from hacker threats, it may come as a surprise that between August
and October of 2016, 11 security products were included on a list of products
with the most software vulnerabilities.
Flexera Software just released its Vulnerability Update[1] covering the
Top 20 products with the most vulnerabilities in August, September and October,
2016. According to the report, of the 46 products appearing at least once in the
list of top 20 products with the most vulnerabilities during those months, 11 were
security-related products from vendors such as AlienVault, IBM, Juniper, McAfee,
Palo Alto and Splunk.

Security Products Are Not Immune to Software Vulnerabilities

A vulnerability is simply a flaw in application code that, if left unpatched, can be
exploited by hackers with malicious intent. Today’s report underscores the reality
that all applications can contain vulnerabilities – even security software.

“It is important for organisations to understand that there will always be
software vulnerabilities, and there will always be hackers with malicious intent,
working to exploit those vulnerabilities,” said Kasper Lindgaard, Director of
Secunia Research at Flexera Software. “The good news is that the vast majority of
vulnerabilities have patches available on the day they are made public. This means
that companies and individual PC users that implement a Software Vulnerability
Management solution can minimise their risk of attack – and the consequences of
stolen data.”

Open Source Components Pose Significant Software Vulnerability Risk

Flexera Software’s Secunia Research team reviewed the vulnerabilities in the
security products named in today’s report. They found that many of the
vulnerabilities within those security products were actually embedded in open source
components used within those products.

According to Jeff Luszcz, Vice President of Product Management for Flexera’s
Software Composition Analysis solutions, software producers and Internet of Things
(IoT) manufacturers routinely use open source components within their software code.
“Open source components constitute as much as 50 percent of the global code base.
And, as the Heartbleed open source vulnerability reminds us, vulnerable open source
components built into software products can cause global disruption if they are not
discovered and patched prior to delivering software products to customers,” said
Luszcz. “Every software and IoT producer must understand these risks, and leverage
technology to automate open source component scanning, governance and vulnerability
management.”

You can download the Vulnerability Update here:
http://www.flexerasoftware.com/vulnerability-update-oct2016?utm_source=Marketwired&utm_campaign=VulnUpdateAug-Oct2016&utm_medium=PR


[1] The Vulnerability Update is a recurring report based on data from Flexera
Software’s Vulnerability Database. It provides a Top 20 per month of products with
the most vulnerabilities recorded over a three-month period, along with brief
comments from Secunia Research at Flexera Software.

