Itasca, IL - Mar 13, 2017 - Flexera Software, the leading provider of Software Vulnerability Management solutions for application producers and enterprises, today released Vulnerability Review 2017, the annual report from Secunia Research at Flexera Software, which presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security vulnerability threat to IT infrastructures, and explores vulnerabilities in the 50 most popular applications on private PCs.
Vulnerabilities are a root cause of security issues - errors in software that can work as an entry point for hackers, and be exploited to gain access to IT systems. In 2016, Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. The breadth of the problem illustrates the challenge faced by IT teams trying to protect their environment against security breaches without the necessary automation. For organizations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed.
The good news is that patches continue to be available for the vast majority of vulnerabilities at the time they become public. In 2016, 81 percent of all vulnerabilities and 92.5 percent of applications in the Top 50 Software Portfolio that were impacted by vulnerabilities, had patches for those vulnerabilities on the day of disclosure - all but begging for the user to take action to fix it. However, even with an increase in available patches, there was a decrease in patch rates - a clear indicator that the software supply chain is indeed broken. Software Vulnerability Management was designed to solve this problem by helping organizations identify vulnerable applications and systems in their environments so they can be prioritized, and remediate the problem via integrated patch management.
"The software supply chain is very unique in industry - it is not uncommon for software producers to release products containing exploitable vulnerabilities, which then becomes their customers' problem. That is why software buyers must be vigilant when buying, managing, and securing their software," said Kasper Lindgaard, Director of Secunia Research at Flexera Software. "As our report details, patches are available in the majority of times a vulnerability is disclosed. Companies need to take advantage of this knowledge, and actively apply patches in a timely manner."
The rate of unpatched PDF Readers is very high. For instance, Adobe Reader has wide adoption -- ranking #31 in the Top 50 Software Portfolio and installed on 40 percent of personal computers. The application has the lion share of the market and the largest amount of vulnerabilities - yet 75 percent of its private users ran unpatched versions of Adobe Reader in 2016, despite a plethora of available patches.
Other findings in the Vulnerability Review 2017 confirm trends from previous years: at 22, the number of zero-day vulnerabilities was a bit lower than in 2015; the split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is at 22.5 percent and 77.5 percent. And most vulnerabilities - 81 percent - have a patch available on the day of disclosure. 30 days after the vulnerability was first disclosed, only one additional percent has a patch. Particularly for organizations with a vast array of endpoints to manage - including devices not regularly connected to corporate networks - this means that a variety of mitigating Software Vulnerability Management efforts are required, to ensure sufficient protection.
Total Numbers across All Applications
The 50 Most Popular Applications on Private PCs
The annual Vulnerability Review from Secunia Research at Flexera Software analyzes the evolution of software security from a vulnerability perspective. It presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.
To assess how exposed endpoints are, we analyze the types of products typically found on an endpoint. For this analysis, we use anonymous data gathered from scans throughout 2016 of the Personal Software Inspector users' computers - with an average of 75 programs installed on them. From country to country and region to region, there are variations as to which applications are installed. For the sake of clarity, we have chosen to focus on the state of a representative portfolio of the 50 most common applications found on the computers. These 50 applications are comprised of 35 Microsoft applications, and 15 non-Microsoft applications.
Different approaches to counting vulnerabilities are adopted by research houses in the vulnerability management space. Secunia Research counts vulnerabilities per product the vulnerability appears in. We apply this method to reflect the level of information our customers need, to keep their environments secure, i.e. verified intelligence on all products affected by a given vulnerability.
Download the Vulnerability Review 2017
Learn more about:
Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. The Flexera RightScale multicloud management and cloud cost optimization solutions enable enterprises to drive top-line revenue while optimizing cloud usage to reduce risk and costs. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1300+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at www.flexera.com.
*All third-party trademarks are the property of their respective owners.