Dec 8, 2010 13:19 GMT

Danish vulnerability research vendor Secunia has launched a new initiative to provide periodic and comprehensive reports about the security of popular applications, which take into account various metrics.

Dubbed Security Factsheets, these reports will be released quarterly and will present data in a standardized format so that interested parties can make informed decisions about vendors and applications.

The factsheets will contain year-on-year comparisons of the number of advisories and vulnerabilities, as well as their associated attack vectors, criticality and impact classification.

Other relevant information that is often missing from vulnerability reports, such as patch status at the time of advisory publication and vendor response times to advisories from the past two years, will also be included.

“In the software industry we still lack coherent, standardised, and scheduled reporting of important security parameters for software products,” notes Stefan Frei, research analyst director at Secunia.

“In the finance industry, for example, key performance parameters are reported yearly or quarterly to consistently provide interested parties, and the public, with relevant information for decision-making and risk assessment. We thus created the Secunia Security Factsheets to fill this gap for our industry and help answer many questions that otherwise required extensive manual data mining,” he adds.

Secunia is one of the world's leading providers of vulnerability intelligence and maintains a database of vulnerabilities for over 30,000 operating systems, applications and appliances.

However, the company initially plans to provide factsheets for the most popular applications and later expand based on feedback. The methodology used to compile the reports is publicly available for review and commenting.

So far the company has released Q3 factsheets for nine programs and operating systems. They are Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, Opera, Adobe Reader, Adobe Flash, Sun/Oracle Java and Microsoft Windows.