Nearly 80% Of All Bugs Are In Third-Party Apps

Published: 22/11/2024   Category: security




Secunia annual report says only 10 percent of bugs in 2011 were in Microsoft software



Don't blame it on Microsoft: The lion's share of vulnerabilities last year were in third-party applications, with 78 percent of all bugs, versus 10 percent in Microsoft software products, according to a new report published today.
Secunia's annual report for 2011 found that the number of endpoint flaws jumped past 800 bugs, more than half of which were considered very critical.
"What we see is a consolidation, with fewer vendors responsible for more vulnerabilities," says Stefan Frei, research analyst director for Secunia. "Most of the vulnerabilities are highly critical and exploitable."
The jump in third-party flaws is dramatic when compared with 2006, when it was less than half, at 45 percent. Around 12 percent of last year's bugs were in operating systems. Secunia also found that more than half of software programs that are vulnerable in an organization with more than 600 programs aren't vulnerable the next year. And half that are not vulnerable one year will be the next. "Therefore, identifying all installed programs and implementing an agile, dynamic patching strategy according to criticality in the remediation phase, as opposed to a short-sighted approach of only patching a static set of preferred programs, clearly wins in terms of achieving optimal risk reduction with limited resources," Frei said in a statement.
And while vulnerabilities decreased last year overall, the top 20 commercial and open-source software providers were not able to whittle down the number of bugs in their products, according to the report.
That shocked Frei. "Despite all the investment they made into security, none of them achieved the result of reducing the number of vulnerabilities in 2011 compared to the previous five years," he says. "I would have expected an even playing field where some would have decreased or increased. It shows that this is an arms race and still a very complex problem."
Organizations are most at risk at the endpoint, the report says, and it takes about 12 different update mechanisms -- including Microsoft's -- to secure the average endpoint. And even lesser-known or used software applications can be at risk, Secunia found.
A full copy of the Secunia Yearly Report for 2011 is available here for download.