Is Your Security Software Secure? Not So Much. One Reason? Vulnerable Open Source Components

New Flexera Software Vulnerability Update included 11 security products -- many of which used open source components containing vulnerabilities


ITASCA, IL--(Marketwired - November 29, 2016) - With security software serving on the front line, protecting individuals and enterprises from hacker threats, it may come as a surprise that between August and October of 2016, 11 security products were included on a list of products with the most software vulnerabilities.

Flexera Software, the leading provider of Software Vulnerability Management and open source security solutions, just released its Vulnerability Update [1] covering the Top 20 products with the most vulnerabilities in August, September and October, 2016. According to the report, of the 46 products appearing at least once in the list of top 20 products with the most vulnerabilities during those months, 11 were security-related products from vendors such as AlienVault, IBM, Juniper, McAfee, Palo Alto and Splunk.

Security Products Are Not Immune to Software Vulnerabilities

A vulnerability is simply a flaw in application code that, if left unpatched, can be exploited by hackers with malicious intent. Today's report underscores the reality that all applications can contain vulnerabilities -- even security software.

"It is important for organizations to understand that there will always be software vulnerabilities, and there will always be hackers with malicious intent, working to exploit those vulnerabilities," said Kasper Lindgaard, Director of Secunia Research at Flexera Software. "The good news is that the vast majority of vulnerabilities have patches available on the day they are made public. This means that companies and individual PC users that implement a Software Vulnerability Management solution can minimize their risk of attack -- and the consequences of stolen data."

Open Source Components Pose Significant Software Vulnerability Risk

Flexera Software's Secunia Research team reviewed the vulnerabilities in the security products named in today's report. They found that many of the vulnerabilities within those security products were actually embedded in open source components used within those products.

According to Jeff Luszcz, Vice President of Product Management for Flexera's Software Composition Analysis solutions, software producers and Internet of Things (IoT) manufacturers routinely use open source components within their software code. "Open source components constitute as much as 50 percent of the global code base. And, as the Heartbleed open source vulnerability reminds us, vulnerable open source components built into software products can cause global disruption if they are not discovered and patched prior to delivering software products to customers," said Luszcz. "Every software and IoT producer must understand these risks, and leverage technology to automate open source component scanning, governance and vulnerability management."

You can download the Vulnerability Update here.

About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, security and installation solutions are essential to ensure continuous licensing compliance, optimized software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.

Copyright© 2016 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners.

[1] The Vulnerability Update is a recurring report based on data from Flexera Software's Vulnerability Database. It provides a Top 20 per month of products with the most vulnerabilities recorded over a three month period, along with brief comments from Secunia Research at Flexera Software.

Contact Information:

For more information, contact:

Flexera Software

John Lipsey
+1 (224) 465-9139