Home Emergency Management News Report: Secunia Research Discovered 16,081 Software Vulnerabilities in 2015

Report: Secunia Research Discovered 16,081 Software Vulnerabilities in 2015


More than 16,000 software vulnerabilities found in 2015

A recently released report by global software firm Secunia Research revealed that more than 16,000 vulnerabilities were found across 263 vendors and 2,484 applications in 2015.

In its annual Vulnerability Review, Secunia Research found an increase in of 39 percent in vulnerabilities across five years, and a slight increase of 2 percent from 2014 numbers.

Extremely critical advisories rise slightly in 2015

As a result of these vulnerabilities, Secunia issued advisories according to the level of indicated threat:

  • Extremely Critical: 0.5 percent, an increase from 0.3 percent in 2014
  • Highly Critical: 13.3 percent
  • Moderately Critical: 25.5 percent
  • Less Critical: 45.6 percent
  • Not Critical: 15.1 percent

Remote attacks still rank highest, but local network attacks increase

Secunia indicated that although the majority (57 percent) of attacks were from remote networks, this is a decrease from 2014 where remote networks accounted for 60.2 percent of attacks. The report also showed a corresponding rise in local network attacks, going from 33.4 percent in 2014 to 35.5 percent in 2015.

The report also indicated that the majority of vulnerabilities found related to non-Microsoft software applications installed on computers -- 78.7 percent of the total vulnerabilities.

Top browser vulnerabilities

Among popular Web browsers, Google Chrome had 516 vulnerabilities, Mozilla Firefox 254, Microsoft Internet Explorer 197, and Opera had 16. Mozilla remains as the highest browser software in number of unmatched vulnerabilities, Secunia said.

Other applications with notably high vulnerabilities include Adobe Reader with 133, Apple iTunes at 130, Oracle Java JRE at 81, Microsoft Excel (52), Microsoft Word (45), and Microsoft PowerPoint (31).

The time to patch for 83.6 percent of all vulnerabilities was one day. All remaining vulnerabilities took longer than one day, but only 84.7 percent of all vulnerabilities had a patch 30 days after disclosure.

Kimberly Arsenault Kimberly Arsenault serves as an intern at the Cleveland/Bradley County Emergency Management Agency where she works on plan revisions and special projects. Previously, Kimberly spent 15 years in commercial and business aviation. Her positions included station manager at the former Midwest Express Airlines, as well as corporate flight attendant, inflight manager, and charter flight coordinator. Kimberly currently holds a master's degree in emergency and disaster management from American Public University.