Vendors are failing to help IT departments effectively patch vulnerabilities, as 2011 marked another low point for the software industry, according to a security company's report.
Too few vendors are being proactive in promoting patching and easing the burden for IT managers, Thomas Kristensen, chief security officer at Secunia, told IT Pro.
"Vendors in general should improve their communication to customers and the patch distribution mechanism (for consumers that would imply auto updating)," Kristensen said.
His comments came as Secunia's annual patch report found none of the top 20 software providers, including tech giants like Apple, Microsoft and Google, were able to cut the number of flaws in their products over the past five years.
Despite massive security investments by the industry, vulnerabilities are still rising and increasing manifold.
Secunia slammed the software industry for remaining in "static mode."
Vulnerabilities affecting typical end-points more than tripled to over 800. Over three-quarters of these were found in third-party, non-Microsoft programs, debunking the myth that the Redmond giant's products are responsible for many security holes within organisations.
Businesses who choose to only secure the operating system and Microsoft programs leave themselves open to "considerable risk," Secunia warned.
In particular, Kristensen warned over complacency amongst Apple product users.
"Many vulnerabilities are being discovered in products running on Mac OS X and iOS devices. Also there seem to be more exploits being developed for Mac based products," he said. "This combined with the uptake of Mac is likely to cause criminals to start targeting Mac users as well."
Kristensen advised getting the appropriate intelligence about vulnerabilities in relevant programs. Security information and event management (SIEM) technologies can help organisations with this.
He also recommended CIOs "enforce a policy that dictates how frequently/fast security-related updates should be applied."
Users also need to get their act together, Secunia said, as 72 per cent of vulnerabilities had a patch available on the day of disclosure.
In 2011, Secunia found over half of vulnerabilities were rated as "medium", "highly", or "extremely critical," showing many presented a genuine threat.
Over three quarters of flaws in 2011 were exploitable from a remote network.
The worst offenders
Secunia listed the top 20 companies with the most vulnerabilities in their software. Novell came out with the most, as 2011 saw its software affected by 1,113 flaws. Red Hat was in second, with 982.
Most of those two companies' flaws were shared, meaning they affected products of other vendors, Secunia said.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Walking the line: GitOps and Shift Left securityWhitepaper Scalable, developer-centric supply chain security solutions
-
Avaya reseller helped coordinate $88m pirate software schemeNews New Jersey-based businessman, Jason Hines, pleaded guilty in an Oklahoma court on Friday
-
Attack on third-party software vendor disrupts NHS ambulance servicesNews The ambulance services serve more than 10 million people across the south of England
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
The best TeamViewer alternativesIn-depth Exploring TeamViewer alternatives? These eight remote desktop software tools are feature-packed and could help you save money
-
Tool that scans office software for vulnerabilities finds almost 100 in Word and AcrobatNews Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewards
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
How to boot into Windows 11 Safe ModeIn-depth Long-time Windows users will already be familiar with Windows 11 Safe Mode, but what exactly is it for and how do you boot your system into it?
