Report concludes number of security vulnerabilities is falling
Secunia's security report for 2011 concludes that the absolute number of security vulnerabilities being discovered is falling. This is true in comparison both with the previous year and over a five-year period. This should not, however, be taken as a signal by users to let their guard down.
Security services provider Secunia counted only 3,551 security vulnerabilities with a unique CVE number in 2011 – 14% fewer than in 2010 and 24% fewer than five years ago in 2006. Confusingly, the downward trend does not apply to the most significant software companies – of the 20 companies whose software was responsible for the largest number of vulnerabilities in 2010, not one has seen a fall in the number of vulnerabilities over the last five years and only seven have seen a fall over the last year.
The number of security vulnerabilities in software commonly found on end user Windows systems has also risen sharply. The number of disclosed vulnerabilities in the "top 50 portfolio" has risen to 870 – this figure has more than tripled since 2007. Over the years, the number of vulnerabilities in the 28 Microsoft programs (MS on the diagram) in the top 50 has remained almost constant. The increase is almost exclusively down to the sharp increase in the number of vulnerabilities in the 22 third party products (TP).
(ehe)