Secunia Research at Flexera recently released their quarterly Vulnerability Update. The report lists a total number of 2686 Software Vulnerabilities, recorded across the top 20 products with the highest number of vulnerabilities in the May to July timeframe.
Usually, widely familiar enterprise and personal applications like web-browsers, operating systems, PDF readers and all kinds of desktop and datacenter software from big vendors like Oracle, IBM, Microsoft and others show up in these reports. In the May to July 2016 timeframe however, the application with the highest number of Software Vulnerabilities was Philips Xper Connect, a hospital information system. Kasper Lindgaard, Director of Secunia Research at Flexera comments “The healthcare industry, for instance, is a prime target for hackers looking to harvest protected health information and personally identifiable information for trading in the underground markets.”
With more industry-specific niche applications entering the market, the software vendor landscape is changing and so are the targets for hackers. This is gaining momentum with the market entry of new IoT applications that usually include embedded software on connected devices as well as mobile, Cloud or SaaS solutions. In a recent interview with Infosecurity, Kasper Lindgaard mentioned that “not all IoT device and systems vendors will pay, or are paying, the attention that is needed for vulnerabilities – as noted in a number of industry presentations given at various security conferences this year”. As another example, just recently a Linux Trojan that targets IoT devices and ropes them into DDoS botnets has been detected.
What does this mean for the Industry? It is a twofold issue –
- As suggested by the vulnerability research experts from Secunia Research, Enterprises need to monitor their software estate for vulnerabilities and mitigate them
- Software developers (including developers of software on devices) on the other hand, have to take all measures to reduce the number of vulnerabilities in their products. This relates to the software development process itself, that should always meet current security standards but it also means that developers need to be able to act quickly when vulnerabilities are detected in their products. It is important to know which customer is using which version of a particular software product. Based on that information, the process of notifying customers about vulnerabilities or available patches should be automated, as well as the process of delivering updates and patches to the customer base.
Want more on this topic?
- Read about the Jeep® hack and how a software update strategy can keep you out of the headlines
- Watch the video Protecting your Software Revenue Stream with Tamper Resistant Applications
- Learn more about the value of a purpose-built solution for Entitlement Management and for automated Software and Firmware updates.
