Secunia takes the next step within Vulnerability Intelligence
12:15 CET on the 7th December 2010. Entry written by Stefan Frei.
Security vulnerabilities in software represent a particularly problematic risk to private and business users alike. However, the software industry still lacks coherent, standardized, and scheduled reporting of important security parameters for software programs. In the finance industry, for example, key performance parameters are reported yearly or quarterly to consistently provide interested parties, and the public, with relevant information for decision-making and risk assessment.
We have therefore launched a new initiative to address this lack of relevant security information in a standardized and scheduled format, namely the Secunia Security Factsheets (http://secunia.com/factsheets).
In a single document, a Secunia Security Factsheet presents important security information for a given program in a consistent and standardized format. The factsheets go well beyond simple vulnerability counts by analyzing the kinds and number of vulnerabilities paired with information about the software vendors’ ability to roll out security patches. The information is based on Secunia’s Vulnerability Intelligence database and on analysis by Secunia Research.
The factsheets are released quarterly and provide a number of key security parameters in a year-on-year (YoY) comparison, such as ‘the number of advisories of the two recent 12 months periods’, ‘break-down by attack vector in the number of Secunia Advisories’, and ‘classification of the impact of successful exploitation on the affected system’, among others. This information will enable us to answer questions that would otherwise require extensive manual data mining.
Initially we will publish the factsheets for more than a dozen major programs, as of Q3 2010. However, we will continue to extend the range of programs covered, as well as develop the factsheets further, based on customer and community feedback - so stay tuned!