Software industry fails to plug security holes, says Secunia

Vulnerabilities are still rising despite industry investments in security, says Secunia

In its latest security report, Secunia warns that vulnerabilities are still rising despite substantial security investment by the software industry.

Secunia reported that the number of vulnerabilities increased compared with the five-year average. The continued discovery of numerous vulnerabilities in software that private and corporate users run every day has a major impact on the security of all systems that run it.

The Yearly Report 2011 states: “There is a continued need for private and corporate users of software to properly handle vulnerability information and remediation in order to manage and reduce the associated risks.”

Stefan Frei, research analyst director at Secunia, said: “The software industry has not managed to reduce the number of vulnerabilities.” 

Frei said that the complexity of modern software products has eaten away the advantage of a secure software development cycle.

Frei said: “There is also an economic issue. Time to market is extremely important – the first mover advantage. Security is hard to communicate. Nobody buys a secure product, but it takes time to develop secure code.”

Frei said this leads to a conflict: “Users are partially to blame because they want features; vendors are to blame because they build in features people don’t want and make security an afterthought.”

To combat the threat of hackers exploiting poor software quality, Secunia recommends organisations take a dynamic approach to patching. 

The report states: “The larger the organisation, the more important it becomes to dynamically identify vulnerable programs in order to remediate the most critical risks – deploying the patches that result in the largest reduction of risk. This approach becomes more important under the assumption of limited security resources.”
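The prioritisation the report describes, identifying which installed programs are actually vulnerable and spending a limited patching budget where it removes the most risk, can be illustrated in code. The example below is added here and is not Secunia's code or its scoring model; the product names, advisory identifiers, host inventory, severity weights and the exposure multiplier are all constructed for the illustration.

```python
"""Risk-based patch prioritisation (constructed example, not Secunia's model)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Severity weights and the public-exploit multiplier are assumptions for this
# example; a real programme would take them from its own risk policy.
SEVERITY_WEIGHT = {"critical": 10.0, "high": 6.0, "medium": 3.0, "low": 1.0}
EXPLOIT_MULTIPLIER = 2.0


@dataclass(frozen=True)
class Advisory:
    advisory_id: str            # hypothetical identifier, constructed
    program: str
    affected_versions: FrozenSet[str]
    severity: str
    exploit_public: bool        # public exploit code raises the risk


@dataclass(frozen=True)
class Host:
    name: str
    installed: Dict[str, str]   # program -> installed version (constructed inventory)
    internet_facing: bool


# Constructed fleet inventory: fictitious product names and versions.
HOSTS = [
    Host("web1", {"OpenBrowserX": "1.0", "ZipTool": "4.2"}, internet_facing=True),
    Host("ws-01", {"OpenBrowserX": "1.0", "OfficeSuite": "3.1"}, internet_facing=False),
    Host("ws-02", {"OpenBrowserX": "1.1", "OfficeSuite": "3.1"}, internet_facing=False),
    Host("ws-03", {"ZipTool": "4.2", "OfficeSuite": "3.0"}, internet_facing=False),
]

# Constructed advisories; ADV-4 affects a version nobody has installed.
ADVISORIES = [
    Advisory("ADV-1", "OpenBrowserX", frozenset({"1.0"}), "critical", True),
    Advisory("ADV-2", "ZipTool", frozenset({"4.2"}), "high", False),
    Advisory("ADV-3", "OfficeSuite", frozenset({"3.0", "3.1"}), "medium", False),
    Advisory("ADV-4", "OpenBrowserX", frozenset({"0.9"}), "critical", True),
]


def host_exposure(host: Host) -> float:
    """Internet-facing hosts count double (assumed exposure model)."""
    return 2.0 if host.internet_facing else 1.0


def vulnerable_hosts(adv: Advisory, hosts: List[Host]) -> List[Host]:
    """Dynamic identification: only hosts running an affected version count."""
    return [h for h in hosts if h.installed.get(adv.program) in adv.affected_versions]


def advisory_risk(adv: Advisory, hosts: List[Host]) -> float:
    """Risk removed from the fleet by fully deploying this advisory's patch."""
    base = SEVERITY_WEIGHT[adv.severity]
    if adv.exploit_public:
        base *= EXPLOIT_MULTIPLIER
    return sum(base * host_exposure(h) for h in vulnerable_hosts(adv, hosts))


def prioritise(advisories: List[Advisory], hosts: List[Host],
               budget: int) -> List[Tuple[str, float, List[str]]]:
    """Greedy plan: largest risk reduction first, while the budget lasts.

    budget is the number of host-level patch deployments the team can do.
    Advisories that affect no installed version carry zero risk and are skipped.
    """
    ranked = sorted(advisories, key=lambda a: advisory_risk(a, hosts), reverse=True)
    plan, remaining = [], budget
    for adv in ranked:
        targets = vulnerable_hosts(adv, hosts)
        risk = advisory_risk(adv, hosts)
        if risk == 0 or len(targets) > remaining:
            continue
        plan.append((adv.advisory_id, risk, [h.name for h in targets]))
        remaining -= len(targets)
    return plan


def residual_risk(advisories: List[Advisory], hosts: List[Host],
                  plan: List[Tuple[str, float, List[str]]]) -> float:
    """Fleet risk left after the planned deployments."""
    total = sum(advisory_risk(a, hosts) for a in advisories)
    return total - sum(risk for _, risk, _ in plan)


if __name__ == "__main__":
    plan = prioritise(ADVISORIES, HOSTS, budget=4)
    for advisory_id, risk, targets in plan:
        print(f"{advisory_id}: removes {risk:.0f} risk on {targets}")
    print(f"residual risk: {residual_risk(ADVISORIES, HOSTS, plan):.0f}")
```

With a budget of four deployments the plan takes the critical browser advisory on the two hosts that actually run the affected version, then the archive-tool advisory, and leaves the medium-severity office-suite fix for later; the advisory for a version nobody runs is never scheduled, which is the "dynamically identify vulnerable programs" step in the quote. The greedy rule is a heuristic, not an optimal allocation, but it captures the ordering the report argues for.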
