Get this blog as an RSS Feed

Secunia takes the next step within Vulnerability Intelligence

12:15 CET, 7th December 2010 By Stefan Frei.

Security vulnerabilities in software represent a particular problematic risk to private and business users alike. However, in the software industry we still lack coherent, standardized, and scheduled reporting of important security parameters for software programs. In the finance industry, for example, key performance parameters are reported yearly or quarterly to consistently provide interested parties, and the public, with relevant information for decision-making and risk assessment.

We therefore made a new initiative to address this current lack of relevant security information in a standardized and scheduled format, namely the Secunia Security Factsheets (http://secunia.com/factsheets).

In a single document a Secunia Security Factsheet presents important security information for a given program in a consistent and standardized format. The factsheets go well beyond simple vulnerability counts by analyzing the kinds and number of vulnerabilities paired with information about the software vendors’ ability to roll out security patches. The information is based on Secunia’s Vulnerability Intelligence database and analysis of Secunia Research.

The factsheets are released quarterly and provide a number of key security parameters in a year-on-year (YoY) comparison, such as ‘the number of advisories of the two recent 12 months periods’, Break-down by attack vector in the number of Secunia Advisories’, and ‘classification of the impact of successful exploitation on the affected system’, among others. This information will enable us to answer questions that would otherwise require extensive manual data mining.

Initially we will publish the factsheets for more than a dozen major programs, as of Q3 2010. However, we will continue to extend the range of programs covered, as well as develop the factsheets further, based on customer and community feedback - so stay tuned!

You can submit your input by sending an e-mail to: factsheets@secunia.com.

I hope that the quarterly Secunia Security Factsheets will raise the awareness on the evolution of security threats, support you in your daily work, and help identifying new trends at an early stage.

Stay Secure,

Stefan Frei
Research Analyst Director

Discuss this blog entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.

Subject: Secunia takes the next step within Vulnerability Intelligence

User Message
[+]

wulijun

RE: Secunia takes the next step within Vulnerability Intelligence
This reply has been minimised due to a negative Relevancy Score.

You must be logged in to post a comment.
-->