Secunia's Q2/2010 vulnerability report

Virus Guy

Secunia released their mid-year 2010 vulnerability report recently:

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

This is what I found interesting (page 6):

---------------
Figure 2 visualizes the dynamics in the Top-10 group and indicates that
popular vendors are also subject to more scrutiny by the security
community/researchers than less popular vendors; Oracle (including Sun
Microsystems and BEA Logic) ranked #1 in four out of five years
overtaken by Apple in the first half of 2010, with Apple consistently
ranking higher than Microsoft.
---------------

Apple ranks #1 in terms of having the most vulnerabilities during the
first half of this year, followed by Oracle (Sun), Microsoft, HP and
Adobe.

Interesting to see that 91% of the computers in Secunia's sample had
Acrobat Reader installed on them, 89% had Sun Java JRE, and 99% had Flash
Player.

While only 15% were running Apple Safari, 43% had iTunes.

Perhaps the most relevant take-home message:

---------------
Today we are facing a much more challenging and complicated problem that
is likely to take years to solve; patching of 3rd party software.
Looking at the Top-50 programs installed by Secunia PSI users we see
that the programs come from 14 different vendors, it is also worth
considering that all the programs covered by Secunia PSI is spanning a
total of 3,000 vendors. Only recently have we seen significant
initiatives from Adobe, the most prevalent “3rd party” vendor due to
Adobe Flash Player and Adobe Reader, to start updating all their users
in a more efficient and rapid manner than earlier. This seems to be a
response to the increased exploitation of Adobe Reader vulnerabilities
in 2009.
---------------
 
Slarty

Interesting to see that 91% of the computers in Secunia's sample had
Acrobat Reader installed on them, 89% had Sun Java JRE, and 99% had Flash
Player.

No Acrobat (nor anything by Adobe) here, same with Java. Unfortunately
Flash is all too ubiquitous all over the web to be altogether avoided.
Firefox plus Flashblock is my compromise solution. Who needs Java anyway? I
certainly don't.

Cheers,

Roy
 
