Software vulnerabilities rise in 2010_ third-party bugs responsible

							?By sdnadmin | July 14, 2010
Recent research from security firm Secunia found third-party software was
increasingly responsible for many of the vulnerabilities seen during the first half of
2010.

While mainstream software providers such as Microsoft encountered its fair share of
bugs and issues requiring service updates and patches during the year, third-party
software bugs comprised a significant number of the increasing amount seen during
2010s first six months.

This is troubling as few third-party software vendors provide automated security
updates, especially with the frequency that Microsoft does. This then puts the
software users themselves in charge of consistently finding updates and then manually
downloading and installing them.

Said research analyst director at Secunia Stefan Frei, "we were astonished to see the
extent of the vulnerabilities in third-party software. The jump in vulnerabilities was
almost exclusively due to third-party applications, not Microsofts."

By using some of its bug tracking technology, Secunia was able to follow and analyze
the issues plaguing software during the first half of 2010. The firm conducted research
by looking at the most common applications on PCs, analyzing what vulnerabilities
arose during the last six months and then estimated this years total and compared it
with previous years totals.

Said Frei this analysis clearly identifies vulnerabilities from third-party programs to
be almost exclusively responsible for the increasing [vulnerability count] trend
observed since 2007. Data from the first half of 2010 shows that third-party program
vulnerabilities are the primary risk factor for typical end-user PCs."

The research found Windows XP and Vista vulnerabilities will likely increase by 31
and 34 percent, respectively, from 2009. While these numbers dont provide comfort,
they certainly dont compare to the exponential rise in third-party bugs, which are
expected to jump 92 percent in 2010, nearly doubling last years total. Furthermore, of
the vulnerabilities facing Windows XP users, 79 percent are attributable to third-party,
non-Microsoft software.

Reports from various antivirus software vendors have found an increased number of
attacks on Adobes Reader program, which is incredibly popular and utilized by many
Windows users. Thus, cyber criminals have found avenues to attack to enter Windows
OS and have done so increasingly. According to one vendor, Reader exploits rose 65
percent during 2010s first quarter compared to 2009 as a whole.

With the number of bugs unlikely to decrease, Frei stated users need to readily install
patches and thereby reduce the window of opportunity for criminals.

Third-party software vendors on the other hand must continue to strengthen their
software development to avoid such bug issues. A study conducted several years back
found that security flaws directly affect a software companys stock, decreasing as
much as 0.6 percent on a day when flaws are discovered.

Rachel Zee is a freelance writer for Software Development News. Her software
development coverage includes the bug and issue tracker space.