Secunia recorded 15.435 software vulnerabilities in 3.870 applications during 2014, according to 2015's annual vulnerability review (Secunia Vulnerability Review 2015), released by the company this week.
The figure shows an 18% increase in vulnerabilities as well as a 22% increase over programs in 2013. But if you ask the general public to guess which programs have the most vulnerabilities, you'll probably catch them unread… if they haven't read Secunia's report.
The big Google Chrome leads the list with 504 vulnerabilities, followed by Oracle Solaris (483), Gentoo Linux (350) and Microsoft's Internet Explorer (289). Apple's Mac OS X is in 13th place with 147 vulnerabilities, while Microsoft's Windows 8 is in 20th place with 105 recorded vulnerabilities.
Μόνο δύο προγράμματα της Microsoft βρίσκονται στο Top 20 της λίστας των βασικών προγραμμάτων, στην οποία καταγράφονται εφαρμογές της IBM, σε οκτώ διαφορετικές περιπτώσεις. Το Tivoli Endpoint Manager έχει από τις χειρότερες επιδόσεις που με 258 τρωτά σημεία “κερδίζει” την 8η θέση. Ακολουθούν οι εφαρμογές: Tivoli Storage Productivity Center (231), IBM Websphere Application Server (210), IBM Domino (177), IBM Lotus Notes (174), IBM Tivoli Composite Application Manager For Transactions (136), IBM Tivoli Application Dependency Discovery Manager (136), IBM Tivoli Application Dependency Discovery Manager (122), και IBM Websphere Portal (107) – βλέπε πίνακα παρακάτω.
Programs from the same company may well share the same vulnerabilities, so IBM's performance is probably not as bad as it looks. Also, capturing a large number of vulnerabilities does not mean that a program is unsafe: finding and defining vulnerabilities helps make Chrome the most secure browser. However, this does not mean that the repair should necessarily work perfectly.
However, the time for repairs is still decreasing. Secunia reports that from 15.435 vulnerabilities, 83 percent had an update released to users as soon as vulnerability was revealed to the public.
As usual, Microsoft applications were not responsible for the majority of vulnerabilities in personal computers. According to Secunia, Microsoft applications (including the Windows 7 operating system) accounted for 69% of products in Top 50 programs that were most commonly installed on computers, but only 23% contained vulnerabilities. This may sound good, but the percentages are quite high considering Microsoft's popularity of programs.
Windows 8 was obviously the version with the most vulnerabilities, but the number decreased from 156 to 2013 to 105 to 2014. Windows 7 went even better, as the number of vulnerabilities fell from 102 to 33.
Web browsers now. They had the most vulnerabilities in Top 50 programs. Google Chrome came first with 504 recorded vulnerabilities, followed by IE (289) and Mozilla Firefox (171).
Other apps with vulnerabilities were: Oracle Java JRE (119), Adobe Flash Player (99), Apple iTunes (84), Adobe Air (59), Adobe Reader (43), Microsoft Windows 7 (33) and Microsoft Word (14).
For history, Apple's Safari recorded 92 vulnerabilities
Όμως οι μεγαλύτερες καταστροφές στην ασφάλεια για αυτό το έτος προήλθαν από λογισμικό ανοιχτού κώδικα με το Heartbleed, SSL και ShellShock. Η Secunia αναφέρει ότι τα problems αυτά “επέστησαν την προσοχή σε ένα προηγουμένως παραμελημένο δυναμικό θέμα της ασφάλειας: τη χρήση εφαρμογών και βιβλιοθηκών ανοικτού κώδικα σε περιβάλλοντα πληροφορικής.”
