- July 18, 2018
- Posted by: admin
- Category: Blog
The annual Vulnerability Review report analyzes the evolution of software security from a vulnerability perspective. The Top Desktop Apps issue explores vulnerabilities in the 50 most popular applications on desktops. It also gives an idea of the key figures and facts on vulnerabilities affecting the most common desktop applications.
What does Vulnerability Review Report 2018 cover?
This annual vulnerability review report is based on the data from the guys at Flexera’s security division – Secunia Research. Secunia monitors more than 55,000 applications, appliances and operating systems, and tests and verifies the vulnerabilities reported in them.
This edition focuses on a subset of this data: the Top 50 Windows Desktop Applications. The vulnerability database covers vulnerabilities that can be exploited in all types of products – software, hardware, firmware, etc.
This brand-new edition of the vulnerability review report focuses on the most common desktop applications to give IT professionals the knowledge to better evaluate strategies to keep their systems secure and their users undisturbed and productive. It helps demystify security patching and helps readers understand that it’s possible to create a patching program that is effective without disturbing users or creating additional overhead.
The data in this review makes it possible to understand the vulnerability landscape for the most common desktop applications, and shows that it’s possible to address security risks with patches for almost all vulnerabilities affecting them.
Number of Vulnerabilities – Top 50 Portfolio
The number of vulnerabilities in the Top 50 portfolio was 1,922, discovered in 22 products from 8 vendors with Microsoft Windows 7 being the most used operating system. The number shows a 27% increase in the five-year trend, and a 3% decrease from 2016 to 2017.
Criticality – Top 50 Portfolio
Combined, ‘Highly Critical’ and ‘Extremely Critical’ vulnerabilities represented the majority, 83%, of the vulnerabilities in the Top 50 rated by Secunia Research in 2017.
Attack Vector – Top 50 Portfolio
With a 93.9% share, the foremost attack vector available to attackers to trigger a vulnerability in the Top 50 portfolio was Remote Network. This is actually a significant increase when compared to 2016. Local Network saw a decrease, from 4.5% in 2016, to 2.7% in 2017. Local System recorded a steep decrease compared to last year, from 13.5%, to 3.4% in 2017.
The Top 50 portfolio can be divided into 3 categories – Microsoft apps, non-Microsoft apps and operating systems.
Microsoft applications: Represent 65% of the Top 50 applications on a computer with Personal Software Inspector installed.
Non-Microsoft applications: Software from all other vendors – represents 33% of the Top 50 applications on a computer with Personal Software Inspector installed.
In 2017, 65% of the vulnerabilities affecting the Top 50 applications in the representative software portfolio affected non-Microsoft applications. This means that the remaining 35% of vulnerabilities in the Top 50 applications installed on the computers of Personal Software Inspector users stem from the Windows 10 operating system (14%) and Microsoft applications (21%).
The choice of operating system had an impact on the total number of vulnerabilities on a typical endpoint: In 2017, 14% of vulnerabilities were reported in Windows 10.
There were more vulnerabilities reported in Microsoft applications in 2017 compared to the previous year: up from 13.5% to 21%. The vulnerability count in Microsoft applications was 390 in 2017; in 2016 it was 219.
Increase in vulnerabilities in Windows
Data shows a decrease in the number of vulnerabilities recorded in all Windows operating systems except Windows 7:
- Windows 10 went from 380 in 2016, to 363 in 2017
- Windows 8 went from 369 in 2016, to 335 in 2017
- Windows 7 went from 151 in 2016, to 249 in 2017
Time to Patch
In the Top 50 applications, 93.9% of vulnerabilities had a patch available on the day of disclosure. This number is a notch higher than the 92.5% time-to-patch rate that was recorded in 2016.
However, there are still 6.1% of vulnerabilities that remain without a patch for longer than the day of disclosure.
For more interesting facts download the Vulnerability Review Report 2018 – Top Desktop Apps today!