Third-party applications accounted for a whopping percentage of vulnerabilities last year, many more than security flaws found in Microsoft programs according to a report released this week by Danish vulnerability research firm Secunia.
Eighty-seven percent of the vulnerabilities found in the top 50 programs affected third-party programs such as Adobe Flash and Reader, Java, Skype, various media players and others outside the Microsoft ecosystem. That means the remaining 13 percent “stem from operating systems and Microsoft programs,” according to Secunia’s Vulnerability Review report, released yesterday.
The number of flaws targeting Windows users rose 5.5 percent last year. The CVE count in Microsoft programs went down 21 percent from 2011 to 2012, a number the report attributes to MIcrosoft’s Patch Tuesday monthly software security update schedule.
The report goes on to describe the efficiency of patching processes, writing that last year 80 percent of vulnerabilities had a patch available on the day they were disclosed, up from 72 percent in the year prior.
The firm detected nearly 10,000 vulnerabilities during the last year across 421 vendors, a fifth of which Secunia deemed “highly critical.”
The information is based on data the firm gathered from millions of computers with its Personal Software Inspector (PSI) installed over the last year.