Every year, Secunia publishes its Secunia Vulnerability Review. The 2013 version's results do not bode well for our state of security. Here are some of their findings from 2012:
In 2012, 2,503 vulnerable products were discovered with a total of 9,776 vulnerabilities in them.
There’s an average of 4 vulnerabilities per vulnerable product.
Vulnerabilities were discovered in 2,503 products from 421 vendors.
The number shows a 15% increase in the five year trend, and a 5% increase from 2011 to 2012.
One fifth of the criticalities discovered in all products were rated as either ‘Highly critical’ (18.3%) or ‘Extremely critical’ (0.5%).
With an 80% share, the primary attack vector for all products was Remote Network.
Two things concern me: (1) that the trend is increasing, and (2) that remote attacks are the primary vector. This tells me that we have to get better at hardening our perimeters and educating our users to keep the doors to our network closed.
And, of course, software companies need to work harder at closing security holes.