Security Products Riddled with Bugs
Nearly a quarter of the top 20 products with most vulnerabilities in the period August-October this year was security software, according to new research from Flexera Software.
The vendor’s Secunia Research team studied the top 20 in each month – comprising a total of 46 products across the report period.
Some 11 of these were security products from some of the world’s biggest and best known vendors including IBM, McAfee and Palo Alto Networks.
Part of the problem lies with open source and third party components, which are often reused in code without adequate checks to ensure there are no bugs present.
Jeff Luszcz, vice-president of product management for Flexera’s Software Composition Analysis solutions, explained that open source components comprise as much as half of the global code base.
“As the Heartbleed open source vulnerability reminds us, vulnerable open source components built into software products can cause global disruption if they are not discovered and patched prior to delivering software products to customers,” he added.
“Every software and IoT producer must understand these risks, and leverage technology to automate open source component scanning, governance and vulnerability management.”
The findings reflect research from Forrester released in October which revealed a host of security issues in products from many top vendors including FireEye, Symantec, Cisco and Fortinet.
The latest Vulnerability Update from Flexera also warned of the growing risk from commonly used browser and PDF readers.
To illustrate the point, seven such products appeared at least once on the top 20 products with the most vulnerabilities during the report period, the firm claimed.
In 2015, Secunia Research reported a whopping 16,081 vulnerabilities across more than 2400 products and 263 vendors in 2015 alone.
Some 1114 vulnerabilities were discovered in the five most popular browsers – Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari – and 147 bugs were discovered in the most popular readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.
Source: Information Security Magazine