Increase in Available Security Patches + Decrease in Patch Rates = Broken Software Supply Chain


Annual Flexera Vulnerability Review Shows 81 Percent of All Vulnerabilities Had Available Patches, Yet Common Software Programmes Remain Unpatched

Maidenhead, U.K. – March 13, 2017Flexera Software, the leading provider of Software Vulnerability Management solutions for application producers and enterprises, today released Vulnerability Review 2017, the annual report from Secunia Research at Flexera Software, which presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security vulnerability threat to IT infrastructures, and explores vulnerabilities in the 50 most popular applications on private PCs.

Vulnerabilities are a root cause of security issues – errors in software that can work as an entry point for hackers, and be exploited to gain access to IT systems. In 2016, Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. The breadth of the problem illustrates the challenge faced by IT teams trying to protect their environment against security breaches without the necessary automation. For organisations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed.

The good news is that patches continue to be available for the vast majority of vulnerabilities at the time they become public. In 2016, 81 percent of all vulnerabilities and 92.5 percent of applications in the Top 50 Software Portfolio that were impacted by vulnerabilities, had patches for those vulnerabilities on the day of disclosure – all but begging for the user to take action to fix it. However, even with an increase in available patches, there was a decrease in patch rates – a clear indicator that the software supply chain is indeed broken. Software Vulnerability Management was designed to solve this problem by helping organisations identify vulnerable applications and systems in their environments so they can be prioritised, and remediate the problem via integrated patch management.

“The software supply chain is very unique in industry – it is not uncommon for software producers to release products containing exploitable vulnerabilities, which then becomes their customers’ problem. That is why software buyers must be vigilant when buying, managing, and securing their software,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software. “As our report details, patches are available in the majority of times a vulnerability is disclosed. Companies need to take advantage of this knowledge, and actively apply patches in a timely manner.”

PDF Readers
The rate of unpatched PDF Readers is very high. For instance, Adobe Reader has wide adoption — ranking #31 in the Top 50 Software Portfolio and installed on 40 percent of personal computers. The application has the lion share of the market and the largest amount of vulnerabilities – yet 75 percent of its private users ran unpatched versions of Adobe Reader in 2016, despite a plethora of available patches.

Patch Rates and Zero-day Vulnerabilities
Other findings in the Vulnerability Review 2017 confirm trends from previous years: at 22, the number of zero-day vulnerabilities was a bit lower than in 2015; the split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is at 22.5 percent and 77.5 percent. And most vulnerabilities – 81 percent – have a patch available on the day of disclosure. 30 days after the vulnerability was first disclosed, only one additional percent has a patch. Particularly for organisations with a vast array of endpoints to manage – including devices not regularly connected to corporate networks – this means that a variety of mitigating Software Vulnerability Management efforts are required, to ensure sufficient protection.

Key Findings from the Vulnerability Review 2017

Total Numbers across All Applications

1. In 2016, Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors.
2. 81 percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.
3. 22 zero-day vulnerabilities were discovered in total in 2016, a decrease of 4 compared to the year before.
4. 18 percent of the 3,416 advisories released in 2016 were rated as ‘Highly Critical’, and 0.5 percent as ‘Extremely Critical’.
5. In 2016, 713 vulnerabilities were discovered in the five most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari[1]. That is a 27.5 percent decrease from 2015.
6. In 2016, 289 vulnerabilities were discovered in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.

The 50 Most Popular Applications on Private PCs

7. 1,626 vulnerabilities were discovered in 25 products in the Top 50 most popular applications on private PCs.
8. 77.5 percent of vulnerabilities in the 50 most popular applications on private PCs in 2016 affected non-Microsoft applications, by far outnumbering the 9 percent of vulnerabilities found in the Windows 7 operating system or the 13.5 percent of vulnerabilities discovered in Microsoft applications.
9. The 15 non-Microsoft applications only account for 29 percent of products but are responsible for 77.5 percent of the vulnerabilities discovered in the Top 50. Microsoft applications (including the Windows 7 operating system) account for 71 percent of the products in the Top 50, but were only responsible for 22.5 percent of the vulnerabilities.
10. Over a five year period, the share of vulnerabilities in non-Microsoft applications hovers around 78 percent in the Top 50.
11. The total number of vulnerabilities in the Top 50 most popular applications was 1,626 in 2016, showing a 15 percent increase in the five-year trend. Most of these were rated by Secunia Research at Flexera Software as either ‘Highly critical’ (65 percent) or ‘Extremely critical’ (7.5 percent).
12. 92.5 percent of vulnerabilities in the Top 50 had patches available on the day of disclosure in 2016.

About the Vulnerability Review 2017
The annual Vulnerability Review from Secunia Research at Flexera Software analyses the evolution of software security from a vulnerability perspective. It presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.

Identifying the 50 Most Popular Applications in the Top 50 Portfolio
To assess how exposed endpoints are, we analyse the types of products typically found on an endpoint. For this analysis, we use anonymous data gathered from scans throughout 2016 of the Personal Software Inspector users’ computers – with an average of 75 programmes installed on them. From country to country and region to region, there are variations as to which applications are installed. For the sake of clarity, we have chosen to focus on the state of a representative portfolio of the 50 most common applications found on the computers. These 50 applications are comprised of 35 Microsoft applications, and 15 non-Microsoft applications.

Methodology
Different approaches to counting vulnerabilities are adopted by research houses in the vulnerability management space. Secunia Research counts vulnerabilities per product the vulnerability appears in. We apply this method to reflect the level of information our customers need, to keep their environments secure, i.e. verified intelligence on all products affected by a given vulnerability.

[1]Although Apple Safari for Windows is categorized as end-of-life by Secunia Research, because it has not received maintenance and development for a period of three years, it is still found on 6% of PCs.

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

::::::::::::::::::::::::::::::::::6733:::::::::::::::::::::::::::::::::;;

:::::::::::::::::::::::::::::925:::::::::::::::::::::::::::::::

TRIO STEEL IS ONE OF THE MOST TRUSTED BRAND AND LEADING EXPORTER AND SUPPLIER OF CARBON STEEL, ALLOY STEEL & STAINLESS STEEL PIPES & PIPE FITTINGS MATERIAL. Triosteel is one of the leading Suppliers and Exporters of API 5L Pipe in Singapore. Triosteel also Exports to many countries like Indonesia, Iran, Saudi Arabia & many more. An API 5L pipe is manufactured by adhering to the specifications laid down by the International Organization for Standardization (ISO) 3183.

2780

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

2781

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

——————————————–

For the 2012 MLB period, we found an totals forecast Joao’s Renowned Over/Under João Zorro Gonçalves, Zcode Totals Pro, System of the time with progressions that have been successful over 98 98% ... We eventually perfected our over/under program ( Zcodesystemexclusive ), although it h-AS has brought years of investigation. Five Steps to Making a Winning MLB Method: 1. Execute appropriate cash management tools. 2. MLB rules that are comprehend. 3.Extensive testing back to make sure successful longterm results ...

——————————————–

There is always a challenge when you're dealing with the Foreign Exchange Market. That's just the nature of the beast. The best thing you can do is to learn about how the market operates as a whole so that you will be ready to meet these challenges. iq option penipu Never be misled by any profit gains in binary options. This is the number-one way traders end up losing their money and ultimately failing. Remember that the same things that make you laugh can make you cry in this market, and you can lose that $700.

——————————————–

Learning Polish has never been this fun and easy as with our podcasts Learn Polish with Polishpod101 Start today and become conversational in Polish in no time

——————————————–

The Best Website Agen Poker Resmi www.sakupoker.com Terpercaya come join

——————————————–

Do you need edmonton phone systems service ? Call complete communications today!

——————————————–

High-tech solutions for easy start-up of your IPTV/OTT-business

——————————————–

——————————————–

If you want to purchase not only one item, you have a chance to enjoy privileges. There is a sale’ tab on the site which offers a fantastic range of reduced counterfeit watches and accessories, such as sunglasses, cufflinks, watch straps and pens. Luxury Jewelry Replica At MCA.MN On Sale You get a 5% discount if you buy two pieces, this discount increases to 10% if you buy 4 pieces or more. There is free international shipping on all orders on this site. We also offer customers a free return anytime with a 100% money back guarantee.

——————————————–