In order for organisations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use within a business.
That’s the advice from next-gen software firm Flexera, whose latest vulnerability review reveals more than 16,000 vulnerabilities were recorded in 2015.
The annual report presents global data on the prevalence of vulnerabilities and the availability of patches, and maps the security vulnerability threat to IT infrastructures. It explores the vulnerabilities in the 50 most popular applications on private PCs.
According to the report, vulnerabilities are a root cause of security issues – errors in software that can work as an entry point for hackers and be exploited to gain access to IT systems.
In 2015, Secunia Research at Flexera Software recorded a total of 16,081 vulnerabilities in 2,484 products from 263 vendors.
The breadth of the problem illustrates the challenge faced by IT teams trying to protect their environment against security breaches, Flexera says.
“For organisations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed,” the company says.
Drop in number of vulnerable products and number of vendors
The corresponding numbers for 2014 were 15,698 vulnerabilities in 3,907 products from 514 vendors.
“The substantial 36% drop in number of products and 49% drop in vendors primarily reflects an adjustment in focus from Secunia Research to only monitor the systems and applications in use in the environments of customers of Flexera Software’s Software Vulnerability Management product line.
This change is caused by a continuous rise in the number of vulnerabilities reported in recent years, and we are currently seeing other research houses choosing similar strategies – CVE Mitre, for example,” explains Kasper Lindgaard, director of Secunia Research at Flexera Software.
Patch Rates and Zero-day Vulnerabilities
Other findings in the Vulnerability Review 2016 confirm trends from previous years: at 25, the number of zero-day vulnerabilities was the same as in 2014; the split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is at 21% and 79% respectively.
Most vulnerabilities – 84% – have a patch available on the day of disclosure. Thirty days after a vulnerability is first disclosed, only one additional percent have a patch.
This means that organisations, particularly those with a vast array of endpoints to manage, including devices not regularly connected to corporate networks, need a variety of mitigating software vulnerability management efforts to ensure sufficient protection.
Key findings from the Vulnerability Review 2016
Total Numbers across All Applications
The 50 Most Popular Applications on Private PCs