January 24, 2019, updated 25 Jan 2019 10:50am

Seven Out of Every Ten Open Vulnerabilities Belong to Just Three Vendors

“We would presume financial services would address flaws and potential doorways to data breaches promptly as it’s a highly regulated industry.”

By CBR Staff Writer

Seven out of every ten open vulnerabilities observed by customers belong to just three vendors: Oracle, Microsoft and Adobe.

These are the findings of cyber security enterprise Kenna Security in their new report Prioritization to Prediction, which explores how enterprises are dealing with open vulnerabilities.

In their report Kenna found that Oracle accounts for 34 percent of the open vulnerabilities that customers have observed, while Microsoft and Adobe both stand at 17 percent. Kenna is quick to point out that the fact these companies are in the top three is not surprising given their extensive foothold within the market.

They also found that 40 percent of vulnerabilities discovered in enterprise networks are still, as of today, not patched, while over 75 percent of common vulnerabilities and exposures (CVEs) are left open a year after they have been published. While this can often be explained by the minor nature of some of these flaws, Kenna note that many CVEs have not been given a risk score.

Kenna Security state that a staggering 544 million exploitable vulnerabilities have been discovered, but this only equates to 5 percent of enterprises' vulnerabilities.

Ed Bellis, CTO at Kenna Security, commented in an emailed statement that: “We’ve found that remediating the riskiest vulnerabilities is within reach for many organizations. Despite recent high-profile data breaches, our findings show that enterprises can and should delay efforts to remediate a majority of vulnerabilities, which often number in the millions.”

“Most vulnerabilities pose little to no danger of being exploited. That means companies can prioritize their resources to tackle the five percent of threats that pose the greatest risk.”


Banking Apps Also at Risk From Open Vulnerabilities

While the research from Kenna Security shows how many vulnerabilities are exploitable, a similar report from application security enterprise Veracode found that 67 percent of applications used by banks are at risk of leaking information.

Veracode in their State Of Software Security report found that over two-thirds of banking applications are at risk of threat actors exploiting them to reveal sensitive data that could be used to further exploit the application or its users.

Paul Farrington, Director of EMEA and APJ at Veracode, commented in an emailed statement that: “Since financial institutions and banks hold highly valuable information and critical assets, they will continue to be a target of cybercriminals and malicious hacking.”

“Our data shows the financial services sector scanning a huge volume of applications and finding flaws that need fixing. While that is encouraging, the next frontier is achieving greater speed in fixing those flaws because speed matters. The speed at which organisations fix flaws they discover in their code directly mirrors the level of risk incurred by applications. The sector should consider all dimensions of risk to prioritise which flaws to fix first.”

It has to be noted that both Veracode and Kenna Security worked in collaboration with the Cyentia Institute, a cybersecurity research organisation, to produce both reports.
