Security bugs become ubiquitous, especially in browsers

Mar 19, 2016 23:40 GMT

In 2015, security researchers from Secunia detected 16,081 vulnerabilities in 2,484 software applications from 263 different vendors.

This represents a 2% increase compared to 2014, and a 39% rise compared to 2010. The numbers are bound to be higher in reality if we take into account all currently available software, with Secunia admitting the research included far fewer vendors than in the previous years and also scanned fewer applications.

Secunia's staff found that, during the past year, the largest share of detected bugs was categorized as less critical (45.6%), while moderately critical bugs accounted for 25.5%, highly critical bugs for 13.3%, and only 0.5% of detected bugs were extremely critical.

More than half of security bugs can be exploited via the Internet

What's dangerous, though, is that 57% of these bugs could be exploited from a remote network and 35% from the local network, while only a small percentage (8%) required the attacker to launch their exploits from the victim's computer.

Most vulnerabilities were found in Google Chrome (516), followed by Adobe Flash (457), Adobe Air (306), Mozilla Firefox (254), Microsoft Internet Explorer (197), Microsoft Windows 7 (144), Adobe Reader (133), Apple iTunes (130), Oracle Java JRE (81), and Microsoft Excel (52).

As for zero-day vulnerabilities, despite the smaller number of scanned applications and vendors mentioned above, Secunia managed to find 23 zero-day bugs, 3 more than in 2014.

Browsers patch vulnerabilities in less than a month

More troubling is the fact that Secunia discovered 1,114 vulnerabilities in the five most popular browsers in 2015. With most of today's technology revolving around the Internet, browser bugs are becoming as dangerous as OS-level issues.

But Secunia also noticed a good thing about browser vulnerabilities: browser vendors are among the quickest to issue patches when a security flaw is discovered.

In the past two years, Secunia has seen that browser vendors take less than 30 days from the moment a vulnerability is detected to the moment an update is available for download.

More details and in-depth statistics are available in the Vulnerability Review 2016 report by Secunia Research at Flexera Software.

Vulnerabilities in top 50 software products