Report: Secunia Research Discovered 16,081 Software Vulnerabilities in 2015
More than 16,000 software vulnerabilities found in 2015
A recently released report by global software firm Secunia Research revealed that more than 16,000 vulnerabilities were found across 263 vendors and 2,484 applications in 2015.
In its annual Vulnerability Review, Secunia Research found an increase in of 39 percent in vulnerabilities across five years, and a slight increase of 2 percent from 2014 numbers.
Extremely critical advisories rise slightly in 2015
As a result of these vulnerabilities, Secunia issued advisories according to the level of indicated threat:
- Extremely Critical: 0.5 percent, an increase from 0.3 percent in 2014
- Highly Critical: 13.3 percent
- Moderately Critical: 25.5 percent
- Less Critical: 45.6 percent
- Not Critical: 15.1 percent
Remote attacks still rank highest, but local network attacks increase
Secunia indicated that although the majority (57 percent) of attacks were from remote networks, this is a decrease from 2014 where remote networks accounted for 60.2 percent of attacks. The report also showed a corresponding rise in local network attacks, going from 33.4 percent in 2014 to 35.5 percent in 2015.
The report also indicated that the majority of vulnerabilities found related to non-Microsoft software applications installed on computers -- 78.7 percent of the total vulnerabilities.
Top browser vulnerabilities
Among popular Web browsers, Google Chrome had 516 vulnerabilities, Mozilla Firefox 254, Microsoft Internet Explorer 197, and Opera had 16. Mozilla remains as the highest browser software in number of unmatched vulnerabilities, Secunia said.
Other applications with notably high vulnerabilities include Adobe Reader with 133, Apple iTunes at 130, Oracle Java JRE at 81, Microsoft Excel (52), Microsoft Word (45), and Microsoft PowerPoint (31).
The time to patch for 83.6 percent of all vulnerabilities was one day. All remaining vulnerabilities took longer than one day, but only 84.7 percent of all vulnerabilities had a patch 30 days after disclosure.