Welcome to the Vulnerability Review 2016
The annual Vulnerability Review by Secunia Research at Flexera Software analyzes the evolution of software security from a vulnerability perspective.
It presents global data on the prevalence of vulnerabilities and the availability of patches, to map the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.
Find out how many vulnerabilities were discovered in 2015
The data comes from Flexera Software's Vulnerability Database
In 2015, 2,484 vulnerable products were discovered with a total of 16,081 vulnerabilities in them.
Vulnerabilities were discovered in 2,484 products from 263 vendors.
Only products and vendors in use in the IT environments of Flexera Software’s Software Vulnerability Management customers are tracked systematically.
13% of the vulnerabilities discovered in all products were rated as ‘Highly critical’. 0.5% were rated as ‘Extremely critical’.
With a 57% share, the primary attack vector available for hackers for all products was Remote Network.
The data comes from Flexera Software's database
25 zero-day vulnerabilities were identified in 2015 - 23 of those in the Top 25 software portfolio.
This brings 2015 on a par with 2014 and with 2010 and 2011, which had 25, 23 and 26 zero-day vulnerabilities respectively.
We have seen a rise in the number of reported zero-day vulnerabilities in popular applications – from 12 in 2013 to 23 in 2015, in the Top 25.
The products used by the highest number of people are the ones zero-day vulnerabilities are primarily found in: You are exposed to the same amount of zero-day vulnerabilities when you use 25 applications or 400 applications
23 zero-day vulnerabilities does not mean that 23 applications in the Top 25 have zero-day vulnerabilities. The 23 zero-day vulnerabilities may be in the same product.
1.Please note: You may notice differences in numbers published in 2016 and 2015. For example, the total number of vulnerabilities in 2014 in was recorded as 15,435 in the Vulnerability Review 2015. In the Vulnerability Review 2016, the total number of vulnerabilities in 2014 is listed as 15,698. The fluctuations in number of vulnerabilities are caused by amendments to Secunia Advisories after they were first published, and after the data was compiled for the Vulnerability Review. ↩
2. The substantial drop in numbers of Vendors and Products for 2015 is occasioned by Secunia Research's decision to focus on the products and vendors present in the environments of Flexera Software’s Software Vulnerability Management customers.As a result, a number of products and vendors not used in customer environments are no longer tracked systematically. ↩