If anyone ever needed a great example for the lectures they give friends, relatives or employees about the importance of installing software updates, here it is.
Security firm Cenzic (http://www.cenzic.com/company/) has made public a report documenting 3,100 vulnerabilities that affect the software used on web sites and in browsers! The report included patched and unpatched vulnerabilities.
Cenzic, which provides software as a service, said in their report “Web Application Security Trends Report Q1-Q2, 2009” that Cross Site Scripting and SQL Injection vulnerabilities were a factor in half of all web attacks.
They said 87 percent of web applications their researchers looked at “had serious vulnerabilities that could potentially lead to the exposure of sensitive or confidential user information during transactions.”
On the server side, they said Apache, Citrix, F5 Networks, IBM, PHP, SAP, Sun and Symantec all ran software with vulnerabilities.
On the browser side, they said Firefox (44 percent of the vulnerabilities) and Safari (35 percent) had the most flaws. Internet Explorer had 15 percent and Opera six percent, they said. They apparently didn’t review Google’s Chrome. They added that Firefox vulnerabilities were patched much more quickly than Internet Explorer's.