Microsoft Overtakes IBM as Most Buggy Software Vendor

Microsoft was the software vendor with the largest number of vulnerable products from August-October this year, overtaking IBM for the first time since reporting began, according to Flexera Software.

The security and compliance firm, which bought vulnerability management vendor Secunia recently, claimed Microsoft had 12 products affected by bugs, as opposed to IBM’s eight.

But Redmond has Adobe to thank for being nudged up the vulnerability charts, according to Kasper Lindgaard, director of Secunia Research at Flexera Software.

“The reason so many Microsoft products are in the Top 20 lists this time is that both Microsoft Internet Explorer and Microsoft Edge come bundled with Adobe Flash, adding the 35 Flash vulnerabilities listed in August to Windows 8 and upwards,” he said.

“This means that for Windows systems from 8 and later, the 35 vulnerabilities in Adobe Flash Player are added to the Microsoft vulnerabilities, resulting in these products climbing higher than they otherwise would.”

Flexera reminded users that regular patching is needed not just for their PC software but also for the increasing number of appliances and IoT devices found in homes.

“One such product is the QNAP NAS—a network attached storage device, used for data storage by private users and small businesses. Twenty-one vulnerabilities were recorded in QNAP NAS in August—not a huge number, but since one vulnerability is all it takes for hackers, the size of the number doesn’t really matter,” the report warned.

“The ease and intuitiveness of update processes for these consumer-facing hardware appliances vary a great deal—exactly as we are used to seeing it in the classic software application space. Some make it very simple—in the case of QNAP NAS the update mechanism is in fact far simpler than what most software vendors can muster, and an example for other manufacturers to follow.”

In total, Flexera found 2,450 vulnerabilities over the three-month period.

Source: Information Security Magazine