- Apr 25, 2013
- 5,355
Secunia’s Vulnerability Review 2014 provides an interesting analysis of the number of vulnerabilities in the Top 50 portfolio products.
The Secunia Vulnerability Review provides a vision on global vulnerability trends, evaluating carefully the 50 most popular programs on private PCs. These programs are practically everywhere, in many cases, they are key application for ordinary IT operations, let’s imagine to internet browsers or applications like PDF reader.
Data proposed by Secunia’s Vulnerability Review 2014 revealed that third-party programs are responsible for 76% of the flaws identified in the 50 most popular programs in 2013.
Despite large diffusion of Microsoft products that account for 66% of the Top 50 programs, only 24% of the vulnerabilities in the Top 50 programs in 2013 were related to applications designed by company of Redmond.
Key findings from the study are:
The Secunia Vulnerability Review provides a vision on global vulnerability trends, evaluating carefully the 50 most popular programs on private PCs. These programs are practically everywhere, in many cases, they are key application for ordinary IT operations, let’s imagine to internet browsers or applications like PDF reader.
Data proposed by Secunia’s Vulnerability Review 2014 revealed that third-party programs are responsible for 76% of the flaws identified in the 50 most popular programs in 2013.
Despite large diffusion of Microsoft products that account for 66% of the Top 50 programs, only 24% of the vulnerabilities in the Top 50 programs in 2013 were related to applications designed by company of Redmond.
Key findings from the study are:
- 76% of vulnerabilities in the 50 most popular programs on private PCs in 2013 affected third-party programs, by far outnumbering the 8% of vulnerabilities found in operating systems or the 16% of vulnerabilities discovered in Microsoft programs.
- In 2012, the numbers were 86% (non-Microsoft), 5.5% (operating systems) and 8.5% (Microsoft).
- The 1,208 vulnerabilities were discovered in 27 products in the Top 50 portfolio.
- The 17 third-party products which only account for 34% of products are responsible for 76% of the vulnerabilities discovered in Top 50. Of the 17 third-party programs, 10 were vulnerable. Of the 33 Microsoft programs in the Top 50, 17 were vulnerable.
- Microsoft programs (including the Windows 7 operating system) account for 66% of the products in Top 50, but were only responsible for 24% of the vulnerabilities.
- Over a five year period, the share of third-party vulnerabilities hovers around 75% – in 2013 it was at 76%.
- The total number of vulnerabilities in the Top 50 most popular programs was 1,208 in 2013, showing a 45% increase in the 5 year trend. Most of these were rated by Secunia as either ‘Highly critical’ (68.2%) or ‘Extremely critical’ (7.3%).
- In 2013, 2,289 vulnerable products were discovered with a total of 13,073 vulnerabilities in them.
- 86% of vulnerabilities in the Top 50 had patches available on the day of disclosure in 2013; therefore the power to patch end-points is in the hands of all end-users and organizations.
- 79% of vulnerabilities in all products had patches available on the day of disclosure in 2013.
- In 2013, 727 vulnerabilities were discovered in the 5 most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera, Safari.
- In 2013, 70 vulnerabilities were discovered in the 5 most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.
