End-point flaws fuel software insecurity, says Secunia

Third-party programs are responsible for the growth in vulnerabilities, with the share of third-party vulnerabilities on a typical end-point increasing from 45% in 2006 to 78% in 2011, according to the report. This compares with only 12% of vulnerabilities in operating systems and 10% in Microsoft programs in 2011.

The report found that the number of end-point vulnerabilities increased in 2011 to over 800 – a tripling within a few years – more than half of which were rated by Secunia as either highly or extremely critical.

Secunia judged that end-points are being attacked because they are vulnerable and they often contain the most valuable data (business-critical data, personal information, etc.). Because end-points are dynamic environments with unpredictable usage patterns, they are difficult to defend and secure, the company noted.

In addition, the report found that leading software producers have not been able to decrease the number of flaws in their products over the last five years. “We were shocked to find that none of the top 20 vendors were able to reduce the number of vulnerabilities in their products over the long-term perspective”, Stefan Frei, research analyst director at Secunia, told Infosecurity.

The top-50 software portfolio installed on a typical end-point comprises programs from 12 different vendors; therefore, 12 different update mechanisms are needed to keep a typical end-point secure (1 ‘Microsoft update’ and 11 additional update mechanisms), the report found.

For an organization with over 600 programs installed in its network, more than 50% of the programs that are vulnerable in one year will not be vulnerable the next year, and vice versa, the report found. Therefore, identification of all installed programs and an agile, dynamic patching strategy are the key to knowing the risks faced and successfully tackling vulnerabilities, Frei noted.

As an enterprise, “you need to know what software you have installed, what is critical and what is vulnerable, and put in place patches to protect those programs”, Frei said. “The good news is 72% of the vulnerabilities have patches available. Control is in your hands”, he added.
