Zero day, Web browser vulnerabilities spike in 2014

25 Mar 2015

15,435 vulnerabilities in close to 4,000 applications in 2014.

The data comes from Secunia, a Danish security vendor that releases an annual study of trends in software vulnerabilities, which are used by hackers to compromise computers. 15,435 vulnerabilities across 3,870 applications were recorded in 2014 – that’s an 18% increase in vulnerabilities compared to the year before, and a 22% increase in the number of products. Secunia found that over 83 percent of 15,435 vulnerabilities found in 3,870 applications had a patch available when a flaw was publicly disclosed. “The most likely explanation is that researchers are continuing to coordinate their vulnerability reports with vendors and their vulnerability programs, resulting in immediate availability of patches for the majority of cases,” according to the report.

Vulnerabilities are a root cause of security issues – an error in software that can work as an entry point for hackers, and can be exploited to gain access to IT systems. “IT teams need to have complete visibility of the applications that are in use, and they need firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed,” says Kasper Lindgaard, Director of Research and Security at Secunia. In recent years, Adobe has undertaken an aggressive program to scan its application code for security problems and generate patches quickly when problems are found. Secunia also looked at vulnerabilities in open-source software, an increasing security concern after several serious vulnerabilities were found in the OpenSSL cryptographic software. The first serious OpenSSL vulnerability, nicknamed Heartbleed, caught many off guard due to its potential impact and the wide variety of programs that use it.

Secunia thought vendors might be quicker to patch OpenSSL after subsequent problems were found last year. “Organizations should not presume to be able to predict which vendors are dependable and quick to react when vulnerabilities are discovered in products bundled with open-source libraries,” Secunia said. For this analysis we use anonymous data gathered from scans throughout 2014 of the millions of private computers which have the Secunia Personal Software Inspector (PSI) installed. PSI users’ computers have an average of 76 programs installed on them – from country to country and region to region there are variations as to which applications are installed.

For the sake of clarity, we have chosen to focus on the state of a representative portfolio of the 50 most common applications found on the computers.
