IoT Security Fears as Healthcare Software Tops ‘Buggiest’ Top 20
There were over 2,600 software bugs reported from May to July across the ‘top 20’ products, including flaws in highly sector-specific applications, which could be a worrying sign of things to come, according to Secunia.
The vulnerability management division of Flexera Software claimed in its latest Vulnerability Update that there were 2,686 flaws in the top 20 most buggy products appraised, in line with the November 2015-January 2016 list after a brief dip to 1,768 in February-April this year.
Microsoft topped the list of the most buggy vendors with a total of 518 vulnerabilities reported; Windows 10, Windows Server 2012, Windows 8 and Windows RT were its four products landing in the top 20.
However, Secunia claimed that users are at least patching when a fix becomes available.
Globally, unpatched Windows operating systems fell from 12.5% a year ago to 6.3% in Q2 2016, the firm claimed.
However, it is bugs in little-known software that could potentially pose the biggest challenge.
Although the headlines usually focus on Microsoft and Adobe, the reality is that the product with the most vulnerabilities in the May-July period was healthcare software Philips Xper Connect, with 272 reported vulnerabilities.
Secunia warned healthcare providers that patient data has become increasingly valuable on the cybercrime black market, so steps must be taken to patch software promptly – something that’s often not done due to the criticality of uptime in these environments.
“Healthcare providers using this application must be aware of the impact of those vulnerabilities, the risk they represent and take actions to avoid exploitation, and the costly consequences associated with it,” the report warned.
Kasper Lindgaard, director of Secunia Research at Flexera Software, claimed that as the Internet of Things becomes increasingly pervasive, software issues represent a major risk to organizations.
“Not all IoT device and systems vendors will pay, or are paying, the attention that is needed for vulnerabilities – as noted in a number of industry presentations given at various security conferences this year,” he told Infosecurity.
“IT departments will be required to focus a lot of their attention on vulnerability intelligence and patch management as they continue to embrace these types of devices even more.”
Source: Information Security Magazine