Secunia, a security company known for its patch management and vulnerability assessment solutions, has just released the Secunia Yearly Report. The report is intended to help users understand the current state of software vulnerabilities.
The 33-page report covers important information and details about Secunia's findings for the period from 2006 to 2011, in terms of the threats and challenges that involve all software developers and programmers. What we have noticed is that many developers are always looking to add functionality and performance to their programs without seriously looking at software security.
Figure: Breakdown of vulnerabilities in the Top-50 software portfolio by origin.
The new report clearly states that third-party (TP) applications are largely responsible for the dramatic increase in vulnerabilities, accounting for about 687 vulnerabilities compared to only 84 in Microsoft programs.
Figure: Percentage of products with a given market share for which vulnerabilities exist (left) or exploit material is available (right) in the last two years.
“The Secunia Yearly Report reveals that for an organisation with over 600 programs installed in their network, more than 50% of the programs that are vulnerable in one year will not be vulnerable the next year, and vice versa. Therefore identifying all installed programs and implementing an agile, dynamic patching strategy according to criticality in the remediation phase, as opposed to a short-sighted approach of only patching a static set of preferred programs, clearly wins in terms of achieving optimal risk reduction with limited resources. 72% of vulnerabilities had patches available on the day of disclosure; therefore the power to patch end-points is in the hands of all end-users and organisations,” concluded Frei, as stated in the official blog post.
Well, I think that all the techniques and tools required for patching your systems are available, and for free, so there is no reason to have outdated or vulnerable software packages at your company. If this is due to budget limitations, then you can use open-source programs; at least you will be sure that you have patched and safe software.
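To make the quoted recommendation concrete, here is an added example (written for this article, not Secunia's tooling or data) of what "identify all installed programs and patch by criticality" looks like as logic: an inventory is joined with a set of advisories, the relevant ones are ordered by criticality, and the share of advisories a static "preferred programs" list would act on is compared with a full-inventory approach across two years whose vulnerable programs shift. All program names, advisory IDs and numbers are constructed; the criticality labels are Secunia's five levels, but their numeric ranks are an assumption made here for sorting.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set

# Secunia's five criticality labels; the numeric ranks are an assumption
# made for this example so the labels can be sorted.
CRITICALITY_RANK = {
    "Extremely critical": 5,
    "Highly critical": 4,
    "Moderately critical": 3,
    "Less critical": 2,
    "Not critical": 1,
}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str       # constructed identifier, not a real Secunia ID
    program: str
    criticality: str
    patch_available: bool  # was a fix available on the day of disclosure?


# Constructed inventory of programs found on the end-points (hypothetical names).
INVENTORY: Set[str] = {"Browser-A", "Reader-B", "Media-C", "Office-D", "Archiver-E", "Runtime-F"}

# Constructed advisories for two consecutive years. The affected programs
# deliberately change between years to mirror the churn the report describes.
ADVISORIES_YEAR1: List[Advisory] = [
    Advisory("EX-1001", "Browser-A", "Highly critical", True),
    Advisory("EX-1002", "Reader-B", "Extremely critical", True),
    Advisory("EX-1003", "Media-C", "Moderately critical", False),
    Advisory("EX-1004", "Unlisted-Z", "Highly critical", True),  # not installed here
]
ADVISORIES_YEAR2: List[Advisory] = [
    Advisory("EX-2001", "Archiver-E", "Highly critical", True),
    Advisory("EX-2002", "Runtime-F", "Extremely critical", False),
    Advisory("EX-2003", "Browser-A", "Less critical", True),
    Advisory("EX-2004", "Office-D", "Moderately critical", True),
]

# A static "preferred programs" list: the programs that were vulnerable in year 1.
STATIC_LIST: Set[str] = {"Browser-A", "Reader-B", "Media-C"}


def relevant(inventory: Set[str], advisories: Iterable[Advisory]) -> List[Advisory]:
    """Only advisories that affect a program actually present in the inventory."""
    return [a for a in advisories if a.program in inventory]


def prioritize(inventory: Set[str], advisories: Iterable[Advisory]) -> List[Advisory]:
    """Remediation order: highest criticality first; at equal criticality, items
    whose patch is already available come first (they can be fixed today)."""
    return sorted(
        relevant(inventory, advisories),
        key=lambda a: (-CRITICALITY_RANK[a.criticality], not a.patch_available, a.advisory_id),
    )


def coverage(patched_programs: Set[str], inventory: Set[str], advisories: Iterable[Advisory]) -> float:
    """Share of relevant advisories a strategy acts on if it only tracks `patched_programs`."""
    rel = relevant(inventory, advisories)
    if not rel:
        return 1.0
    return sum(1 for a in rel if a.program in patched_programs) / len(rel)


def churn(inventory: Set[str], year1: Iterable[Advisory], year2: Iterable[Advisory]) -> float:
    """Fraction of installed programs vulnerable in year 1 that are not vulnerable in year 2."""
    v1 = {a.program for a in relevant(inventory, year1)}
    v2 = {a.program for a in relevant(inventory, year2)}
    return len(v1 - v2) / len(v1) if v1 else 0.0


if __name__ == "__main__":
    for label, advs in (("Year 1", ADVISORIES_YEAR1), ("Year 2", ADVISORIES_YEAR2)):
        print(f"{label} remediation order:")
        for a in prioritize(INVENTORY, advs):
            fix = "patch available" if a.patch_available else "no patch yet"
            print(f"  {a.advisory_id} {a.program:<11} {a.criticality:<20} {fix}")
        print(f"  static list covers {coverage(STATIC_LIST, INVENTORY, advs):.0%}, "
              f"full inventory covers {coverage(INVENTORY, INVENTORY, advs):.0%}")
    print(f"Churn of vulnerable programs year 1 -> year 2: {churn(INVENTORY, ADVISORIES_YEAR1, ADVISORIES_YEAR2):.0%}")
```

The static list looks perfect in year 1 and then misses three of the four relevant advisories in year 2, which is the failure mode the quote warns about; the full-inventory approach stays at 100% because it is driven by what is actually installed rather than by last year's list.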
You can find the full report online at http://secunia.com/company/2011_yearly_report