Security Protection – Harry Waldron MVP Rotating Header Image

RSAC 2014 – Secunia advocates patching 3rd party products

 

Another beneficial security session from RSA conference as documented by PC Magazine:

http://securitywatch.pcmag.com/security/321109-rsac-hey-people-patch-your-programs

QUOTE:  Secunia’s free Personal Software Inspector tool checks all the software on your PC, identifies any programs that need updates, and helps you apply those updates. The company also gathers stats on vulnerabilities and publishes a yearly report. At the RSA Conference, Secunia’s CEO Peter Colsted and CTO Morten Stengaard went over the latest report with me.  “Overall, the majority of vulnerabilities are still in third-party programs,” said Stengaard. “The total number is increasing, with over 13,000 new ones in 2013 compared to an average of around 9,000 in previous years. The big increase is primarily driven by IBM. It’s still a huge problem, with over 2,000 vulnerable products.”

Stengaard noted that among the top 50 most commonly seen vulnerabilities, the most prevalent are non-Microsoft programs, even though the number of affected Microsoft programs is large. “Microsoft products are fairly well covered,” said Stengaard, “and people do tend to update.” (A recent study did show that keeping Windows patched is an important element of any security strategy). The report clearly shows vastly more vulnerabilities in the most popular browsers and PDF readers than in off-brands. “You can use whatever product you want, as long as you patch,” said Colsted. “If you know you’re not going to patch, you’re better off using a less common program.”

 

Comments are closed.