Third-Party Applications to Blame for 87 Percent of Vulnerabilities Last Year

Third-party applications accounted for a whopping percentage of vulnerabilities last year, many more than the security flaws found in Microsoft programs, according to a report released this week by Danish vulnerability research firm Secunia.

Eighty-seven percent of the vulnerabilities found in the top 50 programs affected third-party programs such as Adobe Flash and Reader, Java, Skype, various media players and others outside the Microsoft ecosystem. That means the remaining 13 percent “stem from operating systems and Microsoft programs,” according to Secunia’s Vulnerability Review report, released yesterday.

The number of flaws targeting Windows users rose 5.5 percent last year. The CVE count in Microsoft programs went down 21 percent from 2011 to 2012, a number the report attributes to Microsoft’s Patch Tuesday monthly software security update schedule.

The report goes on to describe the efficiency of patching processes, writing that last year 80 percent of vulnerabilities had a patch available on the day they were disclosed, up from 72 percent in the year prior.

The firm detected nearly 10,000 vulnerabilities during the last year across 421 vendors, a fifth of which Secunia deemed “highly critical.”

The information is based on data the firm gathered from millions of computers with its Personal Software Inspector (PSI) installed over the last year.
