Page 55 - index
P. 55
Lots of vulnerabilities do not equal insecurity
Other findings in the report include an overview of the 1,035 vulnerabilities that were discovered
in the 5 most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and
Safari in 2014. That is a 42% increase from 2013.
Google Chrome also tops the list of the 20 core products with the most vulnerabilities recorded
in 2014, with a total of 504 vulnerabilities. The large numbers of vulnerabilities in Chrome are of
course not a direct reflection on how secure or insecure Chrome is. Rather, it is a reflection on
how aware Google as a vendor is about the security of Google Chrome. A large part of
vulnerabilities recorded in Google Chrome are discovered, fixed, and disclosed by Google
themselves, because the company puts a lot of resources into identifying the vulnerabilities
before hackers do.
Apart from Google Chrome, the list of the 20 products with the most vulnerabilities includes
other household names like Oracle Java and Internet Explorer. But among the 20 we also find
software such as VMware vSphere Update Manager and several IBM products - products that
pervade corporate infrastructures. IBM products dominate with a total of 8 products out the 20.
In the private sphere, the report takes a close look at the 50 most popular applications on
private PCs – the total number of vulnerabilities, a list of the vulnerable applications on the
average PC, the split of vulnerabilities in Microsoft and non-Microsoft applications respectively,
and the criticality ratings of the vulnerabilities.
For more information, read the Secunia Vulnerability Review 2015:
www.secunia.com/vulnerability-review
You can also sign up for my webinar on April 14:
“All about the thousands of 2014 vulnerabilities - From Secunia Research”
About the Author
Kasper Lindgaard is Director of Research and Security at Secunia.
He originally joined Secunia as Security Specialist in February 2011,
and became Head of Research in September 2012.
Kasper Lindgaard is in charge of developing and managing
Secunia’s Research Team, and is responsible for the quality and
reliability of Secunia Research, including the Secunia Advisories.
Secunia’s Research Team is respected throughout the security industry as provider of verified
vulnerability intelligence of the highest caliber.
Kasper Lindgaard works closely with software vendors and the security community to ensure
that Secunia Research is able to deliver the timely and accurate vulnerability intelligence that is
the core of Secunia’s business. As a Secunia spokesperson, Kasper Lindgaard offers insights
into vulnerability intelligence and trends in the security community. Prior to joining Secunia,
Kasper Lindgaard worked with development and code auditing.
55 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
