Security Market Segment LS
Friday, 18 March 2016 08:22

Nearly 2500 applications with 16,081 vulnerabilities in 2015


Unlike most products, software is offered without any kind of warranty, and when you see how many bugs and vulns software has, it’s obvious why.

Flexera Software’s Secunia Research division has published its latest annual Vulnerability Review, presenting global vulnerability data for products in use in corporate environments

Flexera, which acquired Secunia, bills itself as ‘the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises.’

So, when such a company releases its latest ‘Vulnerability Review 2016,’, it’s definitely worth reading, as it ‘which presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security vulnerability threat to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.’

With attacks on and concerns about security and privacy at all time highs, whether by rogue programmers, hackers, rogue employees, governments and who knows who else, vulnerabilities are major security issues, as they are ‘errors in software that can work as an entry point for hackers and be exploited to gain access to IT systems.’

In 2015, Secunia says it recorded a total of 16,081 vulnerabilities in 2,484 products from 263 vendors, and says that ‘the breadth of the problem – 16,081 vulnerabilities across 2,484 vulnerable products – illustrates the challenge faced by IT teams trying to protect their environment against security breaches.’

For organisations to stay on top of their environments, sayeth Flexera and Secunia, ;IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed.’

Now, bad as the 2015 figures are, they are actually a drop on 2014 numbers. While the number of vulnerabilities in 2014 was lower at 15,698, this was across 3,907 products from 514 vendors in 2014.

Kasper Lindgaard, Director of Secunia Research at Flexera Software said: “The substantial 36 percent drop in number of products and 49 percent drop in vendors primarily reflects an adjustment in focus from Secunia Research to only monitor the systems and applications in use in the environments of customers of Flexera Software’s Software Vulnerability Management product line.

“This change is caused by a continuous rise in the number of vulnerabilities reported in recent years, and we are currently seeing other research houses choosing similar strategies – CVE Mitre, for example.”

As for ‘patch rates and zero-day vulnerabilities’, Secunia noted that ‘other findings in the Vulnerability Review 2016 confirm trends from previous years: at 25, the number of zero-day vulnerabilities was the same as in 2014; the split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is at 21% and 79%.’

‘And most vulnerabilities – 84% – have a patch available on the day of disclosure. 30 days after the vulnerability was first disclosed, only one additional percent has a patch. Particularly for organisations with a vast array of endpoints to manage - including devices not regularly connected to corporate networks - this means that a variety of mitigating software vulnerability management efforts are required, to ensure sufficient protection.’

More below, please read on.

So, what are the key findings from the Vulnerability Review 2016?

Total Numbers across All Applications

1. In 2015, Secunia Research at Flexera Software recorded a total of 16,081 vulnerabilities in 2,484 products from 263 vendors.
2. 84% of vulnerabilities in all products had patches available on the day of disclosure in 2015.
3. 25 zero-day vulnerabilities were discovered in total in 2015, the same number as the year before.
4. 13.3% of the 16,081 vulnerabilities discovered in 2015 were rated as ‘Highly Critical’, and 0.5 percent as ‘Extremely Critical’.
5. In 2015, 1,114 vulnerabilities were discovered in the five most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari. That is a 4% increase from 2014.
6. In 2015, 147 vulnerabilities were discovered in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.

The 50 Most Popular Applications on Private PCs

7. 2,048 vulnerabilities were discovered in 25 products in the Top 50 most popular applications on private PCs.
8. 79% of vulnerabilities in the 50 most popular applications on private PCs in 2015 affected non-Microsoft applications, by far outnumbering the 7% of vulnerabilities found in the Windows 7 operating system or the 14 percent of vulnerabilities discovered in Microsoft applications.
9. The 17 non-Microsoft applications only account for 33% of products but are responsible for 79% of the vulnerabilities discovered in the Top 50.
Microsoft applications (including the Windows 7 operating system) account for 67% of the products in the Top 50, but were only responsible for 21% of the vulnerabilities.
10. Over a five year period, the share of vulnerabilities in non-Microsoft applications hovers around 78% in the Top 50.
11. The total number of vulnerabilities in the Top 50 most popular applications was 2,048 in 2015, showing a 77% increase in the five-year trend. Most of these were rated by Secunia Research at Flexera Software as either 'Highly critical' (62.8%) or 'Extremely critical' (8.6 %).
12. 85% of vulnerabilities in the Top 50 had patches available on the day of disclosure in 2015.

The Vulnerability Review 2016 can be freely downloaded here.

Read 3433 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Hybrid cloud promises to bring together the best of both worlds enabling businesses to combine the scalability and cost-effectiveness of the cloud with the performance and control that you can get from your on-premise infrastructure.

Reducing WAN latency is one of the biggest issues with hybrid cloud performance. Taking advantage of compression and data deduplication can reduce your network latency.

Research firm, Markets and Markets, predicted that the hybrid cloud market size is expected to grow from US$38.27 billion in 2017 to US$97.64 billion by 2023.

Colocation facilities provide many of the benefits of having your servers in the cloud while still maintaining physical control of your systems.

Cloud adjacency provided by colocation facilities can enable you to leverage their low latency high bandwidth connections to the cloud as well as providing a solid connection back to your on-premises corporate network.

Download this white paper to find out what you need to know about enabling the hybrid cloud in your organisation.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News