Third-party applications posed the greatest vulnerabilities in 2011, with 78 per cent of all bugs, versus only 10 per cent in Microsoft software products, a new report revealed today.
"What we see is a consolidation, with fewer vendors responsible for more vulnerabilities. Most of the vulnerabilities are highly critical and exploitable," said Stefan Frei, research analyst director for Secunia.
Compared with 2006, the rise in third-party bugs is quite dramatic: just six years ago it was less than half, at around 45 per cent. The report estimates that 12 per cent of last year's bugs were in operating systems.
Secunia also found that, in an organization with more than 600 programs, more than half of the software programs in which vulnerabilities are found aren't vulnerable 12 months later. Half of those that are not vulnerable one year will be vulnerable the next. "Therefore, identifying all installed programs and implementing an agile, dynamic patching strategy according to criticality in the remediation phase, as opposed to a short-sighted approach of only patching a static set of preferred programs, clearly wins in terms of achieving optimal risk reduction with limited resources," Frei said in a statement.
While vulnerabilities decreased last year overall, the top 20 commercial and open-source software providers were unable to reduce the number of bugs in their products, according to the report.
"Despite all the investment they made into security, none of them achieved the result of reducing the number of vulnerabilities in 2011 compared to the previous five years," Frei said. "I would have expected an even playing field where some would have decreased or increased. It shows that this is an arms race and still a very complex problem."