Is Your Security Software Secure? Not So Much. One Reason? Vulnerable Open Source Components

New Flexera Software Vulnerability Update included 11 security products – many of which used open source components containing vulnerabilities

Itasca, IL - Nov 29, 2016 - With security software serving on the front line, protecting individuals and enterprises from hacker threats, it may come as a surprise that between August and October of 2016, 11 security products were included on a list of products with the most software vulnerabilities.

Flexera Software, the leading provider of Software Vulnerability Management and open source security solutions, just released its Vulnerability Update[1] covering the Top 20 products with the most vulnerabilities in August, September and October, 2016. According to the report, of the 46 products appearing at least once in the list of top 20 products with the most vulnerabilities during those months, 11 were security-related products from vendors such as AlienVault, IBM, Juniper, McAfee, Palo Alto and Splunk.

Security Products Are Not Immune to Software Vulnerabilities

A vulnerability is simply a flaw in application code that, if left unpatched, can be exploited by hackers with malicious intent.  Today’s report underscores the reality that all applications can contain vulnerabilities – even security software.

“It is important for organizations to understand that there will always be software vulnerabilities, and there will always be hackers with malicious intent, working to exploit those vulnerabilities,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software.  “The good news is that the vast majority of vulnerabilities have patches available on the day they are made public.  This means that companies and individual PC users that implement a Software Vulnerability Management solution can minimize their risk of attack – and the consequences of stolen data.”

Open Source Components Pose Significant Software Vulnerability Risk

Flexera Software’s Secunia Research team reviewed the vulnerabilities in the security products named in today’s report. They found that many of the vulnerabilities within those security products were actually embedded in open source components used within those products.

According to Jeff Luszcz, Vice President of Product Management for Flexera’s Software Composition Analysis solutions, software producers and Internet of Things (IoT) manufacturers routinely use open source components within their software code.  “Open source components constitute as much as 50 percent of the global code base.  And, as the Heartbleed open source vulnerability reminds us, vulnerable open source components built into software products can cause global disruption if they are not discovered and patched prior to delivering software products to customers,” said Luszcz.  “Every software and IoT producer must understand these risks, and leverage technology to automate open source component scanning, governance and vulnerability management.”

You can download the Vulnerability Update here.

[1] The Vulnerability Update is a recurring report based on data from Flexera Software’s Vulnerability Database. It provides a Top 20 per month of products with the most vulnerabilities recorded over a three-month period, along with brief comments from Secunia Research at Flexera Software.

# # #



About Flexera

Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. The Flexera  RightScale multicloud management and cloud cost optimization solutions enable enterprises to drive top-line revenue while optimizing cloud usage to reduce risk and costs. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1300+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at

For more information, contact:

Clement | Peterson Public Relations

*All third-party trademarks are the property of their respective owners.