9,776 Vulnerabilities Identified in 2012, Secunia Study Finds

Secunia has released its 2013 Vulnerability Review report

By on March 14th, 2013 23:01 GMT

Secunia has released its 2013 Vulnerability Review report, which provides a clear picture on the evolution of software security from endpoint, enterprise, industry and global perspectives.

The figures show that when it comes to software vulnerabilities, a total of 9,776 were discovered in 2012, which represents a record if we compare it to the previous five years. However, the number of vendors and the number of products affected were at an all-time low last year.

In 2011, security holes were uncovered in the products of 477 vendors, but in 2012, the number dropped to 410. A similar trend can be observed in the number of products affected by flaws. A total of 2,503 products were found to be vulnerable last year.

Of all the vulnerabilities discovered in 2012, only 0.5% were extremely critical. 18.3% were highly critical, 29.2% were moderately critical, 46.6% were less critical and 5.4% were not critical at all.

To make the report more informative for endpoint users, Secunia has made a list of the top 50 applications, 29 of which from Microsoft and 21 of which from third parties.

It turns out that a majority of the vulnerabilities (86%) actually plagued third-party programs, instead of ones developed by Microsoft, or operating systems in general.

When it comes to patches, 84% of the security bugs discovered in 2012 had patches available on the day they were disclosed.

As far as popular web browsers are concerned, an increase has been recorded compared to the previous year. In 2011, 629 bugs were identified in browsers, but last year, the number increased by 110 flaws.

The Secunia study also covers SCADA vulnerabilities. The company has found that in most cases, local networks are used as attack vectors (54%), followed by remote networks (41%) and the local system (5%).

An infographic that nicely sums up the report is available here. The complete Security Vulnerability Review is available here.

Comments