Flexera, the company that’s reimagining how software is bought, sold, managed and secured, today released Vulnerability Review 2018 – Global Trends, the annual report from Secunia Research at Flexera. The report provides data on vulnerabilities to help companies understand the vulnerability landscape and devise strategies to secure their organisations. Vulnerabilities are a root cause of security issues – errors in software that can work as entry point for hackers, and be exploited to gain access to IT systems.
A Surge in Vulnerabilities
This year’s report reveals a continuing surge in vulnerability growth. In 2017 documented vulnerabilities increased 14 percent to 19,954, up from 17,147 in 2016. This means that companies are being exposed to an escalating number of security risks, underscoring the need to maintain continuous visibility of their software assets and the vulnerabilities affecting them. Companies also need to ensure critical vulnerabilities are prioritised and addressed before exploitation risk increases.
“There’s no question based on this year’s results, the risks remain high,” said Kasper Lindgaard, Director of Research and Security at Flexera. “As the potential for breaches expands, the pressure is on executives to increase vigilance through better operational processes – instead of reacting to risks that hit media headlines and cause disruption. The Equifax breach and WannaCry attacks taught us that.”
Avoiding Attack is Possible: 86 Percent of Patches Available on Disclosure Day
The Flexera report offers hope for companies seeking to minimise their risk of incidents. Patches were available for 86 percent of the vulnerabilities on the day of disclosure. In addition, zero-days – instances in which a vulnerability is exploited before public disclosure – remain rare. Only 14 of the 19,954 known vulnerabilities in 2017 were zero-days, a 40 percent drop from 2016.
“Organisations need to take advantage of this knowledge to remediate most vulnerabilities before risk of exploitation increases,” advised Lindgaard. “But the process cannot be adhoc. Without a consistently applied patching methodology, organisations will slip, leaving vulnerabilities unpatched for long periods. This gives criminals a large window of opportunity to execute their attacks. We advise a formal, automated software vulnerability management process that leverages intelligence to identify risks, prioritise their importance and resolve threats.”
Key Findings from the 2018 Vulnerability Review
1. In 2017, Secunia Research at Flexera detected 19,954 vulnerabilities discovered in 1,865 applications from 259 vendors. This represents an increase of 38 percent over five years, and 14 percent when compared to the previous year.
2. 86 percent of vulnerabilities had a patch available within 24 hours of disclosure, compared to 81 percent in the previous year.
3. The number of zero-days – vulnerabilities exploited prior to public disclosure – dropped to 14, compared to 23 in the previous year.
4. 17 percent of vulnerabilities in 2017 were ranked Highly Critical, and 0.3 percent as Extremely Critical.
5. The primary attack vector to trigger an attack was via a remote network at 55 percent.
About the Vulnerability Review 2018
The annual Vulnerability Review from Secunia Research at Flexera analyses the evolution of software security from a vulnerability perspective. It presents global data on the prevalence of vulnerabilities and the availability of patches, and maps the security threats to IT infrastructures.
Different approaches to counting vulnerabilities are adopted by research houses in the vulnerability management space. Secunia Research at Flexera counts vulnerabilities per product the vulnerability appears in. We apply this method to reflect the level of information customers need, to keep their environments secure, i.e. verified intelligence on all products affected by a given vulnerability.
Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1200+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at www.flexera.com.
*All third-party trademarks are the property of their respective owners.