Secunia report details state of cyber security
SUBNET Solutions Inc | Monday, June 11, 2012
The Secunia Yearly Report 2011 discusses current cyber security measures in use, and details which systems may be most at risk from new threats that could arrive in the future.
The report noted that a number of businesses and organizations are exposing themselves to serious threats by not addressing exploitable errors in the software installed on their end-points, in a sense leaving their windows and doors wide open for cyber criminals to pass through. These vulnerabilities have the potential to affect anyone who uses the internet - 31 percent of the world's population - including businesses and utilities.
Analysis of data from 2006 to 2011 made it clear that the software industry is still struggling to keep the number of vulnerabilities down. The report assessed the average number of vulnerabilities that affected products of the top 20 vendors, and found that "it is clear that none of these vendors managed to reduce the number of vulnerabilities in their products."
"Identifying and remediating vulnerabilities in deployed products therefore remains a critical task for organizations and private users in order to manage the risks of security breaches and system compromise," the report added.
The report's list of top 20 vendors, which compared each vendor's average number of vulnerabilities over the five years leading up to 2010 with its 2011 numbers, showed there were a total of 2,227 unique vulnerabilities among them all. Interestingly, the top five vendors on the list - Novell, Red Hat, Canonical, Debian and Gentoo - all run a Linux operating system.
Although Microsoft is placed at number nine on the list, the report notes that the number of lines of code that Microsoft has in all of its products far exceeds the amount of code in the products of the top five vendors combined.
The report confirms what has been known among security professionals for some time - that no matter what operating system is being used, dangerous vulnerabilities will exist. The solution, then, is to develop a strong patch management program to proactively mitigate the risks of vulnerabilities.
Microsoft has been recognized for its ability to consistently deliver patches for vulnerabilities, compared with other vendors that wait for these threats to arise before patching. SUBNET, a Microsoft Certified Gold Partner, takes a similar approach to proactively managing cyber security risks in smart grid infrastructure.