Itasca, IL - Mar 16, 2016 - Flexera Software, the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises, today released the Vulnerability Review 2016, the annual report from Secunia Research at Flexera Software, which presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security vulnerability threat to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.
Vulnerabilities are a root cause of security issues - errors in software that can work as an entry point for hackers and be exploited to gain access to IT systems. In 2015, Secunia Research at Flexera Software recorded a total of 16,081 vulnerabilities in 2,484 products from 263 vendors. The breadth of the problem - 16,081 vulnerabilities across 2,484 vulnerable products - illustrates the challenge faced by IT teams trying to protect their environment against security breaches. For organizations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed.
The corresponding numbers for 2014 were 15,698 vulnerabilities in 3,907 products from 514 vendors.
"The substantial 36 percent drop in number of products and 49 percent drop in vendors primarily reflects an adjustment in focus from Secunia Research to only monitor the systems and applications in use in the environments of customers of Flexera Software's Software Vulnerability Management product line. This change is caused by a continuous rise in the number of vulnerabilities reported in recent years, and we are currently seeing other research houses choosing similar strategies - CVE Mitre, for example," explained Kasper Lindgaard, Director of Secunia Research at Flexera Software.
Other findings in the Vulnerability Review 2016 confirm trends from previous years: at 25, the number of zero-day vulnerabilities was the same as in 2014; the split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is at 21 percent and 79 percent. And most vulnerabilities - 84 percent - have a patch available on the day of disclosure. 30 days after the vulnerability was first disclosed, only one additional percent has a patch. Particularly for organizations with a vast array of endpoints to manage - including devices not regularly connected to corporate networks - this means that a variety of mitigating software vulnerability management efforts are required, to ensure sufficient protection.
Total Numbers across All Applications
The 50 Most Popular Applications on Private PCs
The annual Vulnerability Review from Secunia Research at Flexera Software analyzes the evolution of software security from a vulnerability perspective. It presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.
To assess how exposed endpoints are, we analyze the types of products typically found on an endpoint. For this analysis we use anonymous data gathered from scans throughout 2015 of the millions of private computers which have Flexera Software's Personal Software Inspector installed.
Personal Software Inspector users' computers have an average of 79 programs installed on them, and which applications are installed varies from country to country and region to region. For the sake of clarity, we have chosen to focus on the state of a representative portfolio of the 50 most common applications found on the computers. These 50 applications comprise 33 Microsoft applications and 17 non-Microsoft applications.
# # #
Access a copy of the Vulnerability Review 2016
Join the webinar on the Vulnerability Review 2016, April 14, "All about the thousands of 2015 vulnerabilities. From Secunia Research." Presented by Kasper Lindgaard, Director of Secunia Research at Flexera Software
Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1200+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at www.flexera.com.