March 26, 2015

Your app may be compromised: vulnerabilities rise in 2014

Secunia reveals that 500 different vendors are putting out apps with vulnerabilities.

By Alexander Sword

Secunia has announced that it discovered 15,435 vulnerabilities across 3,870 applications in 2014.

The figure represents an 18 percent increase in vulnerabilities compared to the previous year, and a 55 percent increase over the last five years.

11 percent of the vulnerabilities discovered in 2014 were rated as ‘Highly Critical’, and 0.3 percent as ‘Extremely Critical’.

The vulnerabilities were found across applications published by 500 different vendors. The five most popular browsers, Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari, showed a 42 percent increase in vulnerabilities from 2013.

The Top 50 most popular applications showed a worrying trend: 1,348 vulnerabilities were discovered in 2014, with 64.9 percent rated as ‘Highly critical’ and 9.7 percent as ‘Extremely critical’.

Meanwhile, 25 zero-day vulnerabilities were revealed in 2014, compared to 14 the year before. 20 of these were found in the 25 most popular products.

Kasper Lindgaard, Director of Research and Security at Secunia, commented: "Every year, we see an increase in the number of vulnerabilities discovered, emphasizing the need for organisations to stay on top of their environment.


"IT teams need to have complete visibility of the applications that are in use, and they need firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed."

Encouragingly, the report revealed that 83 percent of applications that were known to security teams had a security patch available on the day the vulnerability was disclosed to the public. This represents a significant improvement since 2009, when the equivalent figure was 49.9 percent.

Lindgaard added: "But numbers also show that while an impressive 83 percent of vulnerabilities have a patch available on the day of disclosure, the number is virtually unchanged when we look 30 days ahead. 30 days on, just 84.3% have a patch available which essentially means that if it isn’t patched on the day of disclosure, chances are the vendor isn’t prioritising the issue.

"That means you need to move to plan B, and apply alternative fixes to mitigate the risk.
