Press Release

New Vulnerability Update: Bundling With Adobe Flash ® Exposes Windows ® and Microsoft ® Had More Vulnerable Products

For the first time since the report was introduced in 2014, IBM ® does not top the list as the vendor with the most vulnerable products.

Itasca, IL - Dec 3, 2015 - Flexera Software, the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises, today released a Vulnerability Update covering the Top 20 products with the most vulnerabilities in August, September and October 2015. The total number of recorded vulnerabilities in the three Top 20's was 2,450, and with 12 product entries, Microsoft products outnumber IBM's eight product entries.

The Vulnerability Update is a recurring report based on data from Flexera Software's Vulnerability Database. The report provides a Top 20 per month of products with the most vulnerabilities recorded over a three month period, along with brief comments from Secunia Research at Flexera Software.

In this edition, Secunia Research provides commentary on QNAP® NAS, a network attached storage device, used for data storage by private users and small businesses, and on vulnerabilities in security tools like AlienVault Unified Security ManagementTM (USM). And the report puts Microsoft as the vendor with the most vulnerable products over the three month period - a position held by IBM in previous Vulnerability Updates.

"The reason so many Microsoft products are in the Top 20 lists this time is that both Microsoft Internet Explorer and Microsoft Edge come bundled with Adobe Flash, adding the 35 Flash vulnerabilities listed in August to Windows 8 and upwards. This means that for Windows systems from 8 and later, the 35 vulnerabilities in Adobe Flash Player are added to the Microsoft vulnerabilities, resulting in these products climbing higher than they otherwise would," explained Kasper Lindgaard, Director of Secunia Research at Flexera Software.

New lesson: Start patching your fridge!

The report also touches on one of the new challenges facing the IT industry: the Internet of Things (IoT), which is bringing more internet-connected devices into businesses and the homes of consumers. IoT impacts both the 'old' IT guard - application producers, and the security community - and newcomers, like manufacturers creating Internet-connected intelligent devices, who must start integrating software security into their product strategy.

"With the IoT trend comes the necessity to educate businesses and consumers and get them to treat their connected devices - from telecommunications equipment and medical devices to toasters, thermostats and cars - like their PC's, full of updateable software that can be vulnerable to hackers," said Lindgaard, "We need to get businesses and consumers to start applying security updates to their devices, just as they should be doing to the software on their PCs and mobiles. The problem is, that even though we have been trying to get the "apply security updates" message across for more than 10 years, consumers still are not sufficiently aware that they need to do so."

You can download the Vulnerability Update here

# # #

Resources:

Learn more about Flexera Software's:

Follow Flexera…

About Flexera
Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1200+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at www.flexera.com.

Secunia Research at Flexera Software

In September 2015, Flexera Software acquired Secunia, adding Secunia's Software Vulnerability Management solutions to complement Flexera Software's Software License Optimization and Application Readiness solutions. Under Flexera Software, Secunia Research continues to perform vulnerability verification, issue Secunia Advisories and publish data on the global vulnerability landscape.

For more information, contact:

Flexera
Amanda Ingalls
(949) 241-1515
aingalls@flexera.com

*All third-party trademarks are the property of their respective owners.