Software vulnerabilities are up -- but it's not Microsoft's fault
The number of software vulnerabilities has increased over the last year, but the majority of them are in non-Microsoft products.
This is a key finding of the latest Vulnerability Review from Flexera Software, which in 2015 recorded 6,081 vulnerabilities in 2,484 products from 263 vendors. This compares to 2014's figures of 15,698 vulnerabilities in 3,907 products from 514 vendors.
"The substantial 36 percent drop in number of products and 49 percent drop in vendors primarily reflects an adjustment in focus from Secunia Research to only monitor the systems and applications in use in the environments of customers of Flexera Software's Software Vulnerability Management product line", says Kasper Lindgaard, director of Secunia Research at Flexera Software. "This change is caused by a continuous rise in the number of vulnerabilities reported in recent years, and we are currently seeing other research houses choosing similar strategies -- CVE Mitre, for example".
Looking at the 50 most popular applications on private PCs -- identified using Flexera's Personal Software Inspector -- the split between vulnerabilities in Microsoft and non-Microsoft products shows 21 percent for Microsoft and 79 percent for other vendors. This is despite Microsoft products making up 67 percent of the top 50.
In 2015, 1,114 vulnerabilities were discovered in the five most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari. That represents a four percent increase from 2014.
Over the same period 147 vulnerabilities were discovered in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.
There's some good news in the fact that 84 percent of vulnerabilities in all products had patches available on the day of disclosure in 2015. The number of zero day vulnerabilities at 25 was the same as in 2014.
For more detail and to download a copy of the full report you can visit the Flexera website.