Get this blog as an RSS Feed

Fighting Vulnerabilities

14:00 CET, 13th February 2009 By Niels Henrik Rasmussen.


Since the inauguration of Secunia in 2002, we have offered a variety of free community services to aid you in staying secure online.

Vulnerability Intelligence
For years we have provided the world's best advisories with verified vulnerability intelligence. The vulnerability intelligence is based on broad information gathering and a rigorous testing and verification procedure where some of the world's most skilled vulnerability researchers and security specialists continuously conduct research to reproduce the reported vulnerabilities.

Once the advisories have been published, we select the most critical ones affecting popular applications and initiate an even more thorough and in-depth analysis. This analysis is conducted by some of our reverse engineers and source code auditors. Their task is to gain an almost 100% understanding of the “inner workings” of each individual vulnerability.

Binary Analysis
When analysing the vulnerabilities the reverse engineers and source code auditors document programming errors and code that may affect the attack vector and exploitation. This analysis, including support files like PoCs, exploits, and PCAPs, is provided as part of our Binary Analysis service to IDS / IPS vendors, AV vendors, large enterprises, and governments.

Vulnerability Research
Secunia also puts a significant amount of resources into vulnerability research. Last year this resulted in Secunia being the most successful research company with a total of 68 vulnerabilities in significant software:

PSI, OSI, and the community
Today, the most widely used free community effort by Secunia is the Secunia PSI with 1,1 million installations. The free Secunia PSI helps keeping private computer systems up-to-date with the latest security updates for all programs. Another 3.000 daily users keep the 70 most common programs up-to-date using the browser based Secunia OSI.

The Secunia PSI received a 5 of 5 rating by and was selected as 1 of 101 fantastic freebees by PCWorld.

Developing, supporting, and promoting the use of Secunia PSI and OSI has a high priority at Secunia. Currently we employ 3 people, who focus solely on the PSI; other staff also spend significant resources on development and management of the Secunia PSI project.

The Secunia PSI and OSI are also backed by an active online community where users can get support and help with updating software and other security related issues. In 2009, we will also be inviting the community to help translating and supporting the Secunia PSI in even more languages like we did with the first community translation to Spanish in December 2008.

The free Secunia PSI and Secunia OSI solutions utilise the same technology and the same Vulnerability Intelligence as the business edition. This combination of technology and intelligence allows easy and reliable tracking of thousands of missing security updates, end-of-life programs, as well as up-to-date software for users.

The future
In the current turmoil of the global financial crisis, you can rest assured that Secunia will continue to provide the world's best software security update tool and vulnerability information free of charge to the community for use on private systems as well as conduct vulnerability research. We will, however, also seek to optimise our business to ensure that Secunia remain a sound and healthy business that can continue to afford investing in the community by charging businesses and governments for their use of our services and solutions on their systems.

Stay Secure,

Niels Henrik Rasmussen

Discuss this blog entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.

Subject: Fighting Vulnerabilities

No posts yet
You must be logged in to post a comment.