Third-Party Software Bugs Pose Big Danger, Secunia Finds
Secunia concludes that a mistaken belief that Microsoft and the operating system are the primary attack vectors has caused some organizations to let their guard down when it comes to security for third-party applications. Software vendors need to do a better job of making it easy for users to update their computers, Secunia said.
Secunia is calling out application vendors for poor updating practices and reminding users that third-party software vulnerabilities, and not bugs in the operating system, are the main targets of attackers. In the Secunia Half Year Report 2010 (PDF), the company says it found that the number of vulnerabilities affecting the average end-user PC reached 380, almost 90 percent of the total (420) found in all of 2009. On average, 10 vendors (including heavyweights Microsoft, Apple and Oracle) are responsible for 38 percent of all vulnerabilities, Secunia said. Apple led the way and the other four companies with the most vulnerabilities were Oracle, Microsoft, Hewlett-Packard and Adobe Systems.
For PC users, the threat of unpatched third-party apps is not abating. According to Secunia, a typical end-user PC with 50 programs installed had more than three times as many vulnerabilities in the 24 third-party programs as in the 26 Microsoft programs installed.