navigation bar left navigation bar right

Secunia CSI7
navigation left tab About us navigation right tab
navigation left tab Careers navigation right tab
navigation left tab Memberships navigation right tab
navigation left tab Newsroom navigation right tab
navigation left tab Contact us navigation right tab
Blog
News
Articles

HelpNet Article: The vulnerability species: Origin and evolution

Get this blog as an RSS Feed
14:00 CET on the 28th January 2011
Entry written by Secunia.

There is an on-going arms-race in the IT security industry between vendors striving to produce secure software, and researchers’ and cybercriminals’ efforts (and successes) in finding new vulnerabilities in software. The number of vulnerabilities in general over the last five years reached over 4,300 on average per year with no significant up- or downward trend. During the period from 2009 to 2010, the number actually decreased by 3%. Therefore it is fair to say that, on a large scale, the security ecosystem appears to be in a sort of state of equilibrium regarding the current rate of vulnerabilities. Vulnerabilities are counted as the number of unique CVEs.

However, computer users cannot be complacent. Significantly, Secunia’s Yearly Report for 2010 revealed that out of more than 4,000 vendors on the market today, just 14 vendors with products in use on millions of private and corporate systems daily, were responsible for over half of the vulnerabilities discovered in the last two years: Adobe Systems, Apache Software Foundation, Apple, Cisco, Google, HP, IBM, Kernel.org, Microsoft, Mozilla Organization, Novell, Oracle (includes Sun Microsystem, BEA, and Peoplesoft as a result of recent acquisitions), RealNetworks, and VMware.

The evolving vulnerability threat

Unfortunately vulnerabilities are still the ‘Achilles’ Heel’ of any IT system particularly for end-point PCs. An alarming trend for this sub-section was also highlighted: cybercriminals are now focusing their specific efforts on end-users. Vulnerabilities on end-points are commonly exploited when users visit a malicious website (with content controlled or injected by an attacker), or open data, files, or documents with one of the numerous programs and plug-ins installed on their end-points. The sheer variety and prevalence of programs found on typical end-points, coupled with unpredictable user usage patterns, make end-points an attractive and easy to exploit target for cybercriminals.

To read the rest of the article, visit HelpNet at: http://www.net-security.org/article.php?id=1553

Discuss this news entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.
Subject: HelpNet Article: The vulnerability species: Origin and evolution
 
No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+