Which were the most vulnerable applications in the first half of 2010?
Below are the results after processing vulnerability data feeds as of July 7, 2010 from National Vulnerability Database (NVD), which is the U.S. government repository of standards based vulnerability management data:
Interesting highlights and remarks:
- Web browsers are the most targeted applications. They hold the top four places. Other popular targets for hackers are Adobe products, Java Runtime Environment and Microsoft Office.
- Discussions about which browser is most secure do not make much sense. They all have quite a number of new security vulnerabilities. Probably a safe web browser is one which is used by only a few people and therefore is not popular enough to get attention from hackers. However, on such a browser a lot of sites will not work simply because most developers only test their site on the top most used browsers.
- Adobe, Microsoft and Mozilla have the most products in the top 15:
o Adobe – 5 products
o Microsoft – 3 products
o Mozilla – 3 products
o Oracle – 2 products
o Apple – 1 product
o Google – 1 product
According to NVD new security vulnerabilities are published with a rate of 16 per day. Vendors are forced to release a lot of security updates to keep their products secure; therefore a vulnerability management tool like GFI LANguard can be very helpful. Currently LANguard can automate patching for 11 products out of the 15 mentioned above. Here is the full list of supported non-Microsoft products.