Is Your Security Software Secure? Not So Much. One Reason? Vulnerable Open Source Components

1938 0

New Flexera Software Vulnerability Update included 11 security products – many of which used open source components containing vulnerabilities

Maidenhead, U.K.  With security software serving on the front line – protecting individuals and enterprises from hacker threat – it may come up as a surprise that between August and October of 2016 – 11 security products were included on a list of products with the most software vulnerabilities.

Flexera Software, the leading provider of Software Vulnerability Management and open source security solutions, just released its Vulnerability Update[1] covering the Top 20 products with the most vulnerabilities in August, September and October, 2016. According to the report, of the 46 products appearing at least once in the list of top 20 products with the most vulnerabilities during those months, 11 were security-related products from vendors such as AlienVault, IBM, Juniper, McAfee, Palo Alto and Splunk.

Security Products Are Not Immune to Software Vulnerabilities

A vulnerability is simply a flaw in application code that, if left unpatched, can be exploited by hackers with malicious intent. Today’s report underscores the reality that all applications can contain vulnerabilities – even security software.

“It is important for organisations to understand that there will always be software vulnerabilities, and there will always be hackers with malicious intent, working to exploit those vulnerabilities,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software. “The good news is that the vast majority of vulnerabilities have patches available on the day they are made public. This means that companies and individual PC users that implement a Software Vulnerability Management solution can minimise their risk of attack – and the consequences of stolen data.”

Open Source Components Pose Significant Software Vulnerability Risk

Flexera Software’s Secunia Research team reviewed the vulnerabilities in the security products named in today’s report. They found that many of the vulnerabilities within those security products were actually imbedded in open source components used within those products.

According to Jeff Luszcz, Vice President of Product Management for Flexera’s Software Composition Analysis solutions, software producers and Internet of Things (IoT) manufacturers routinely use open source components within their software code. “Open source components constitute as much as 50 percent of the global code base. And, as the Heartbleed open source vulnerability reminds us, vulnerable open source components built into software products can cause global disruption if they are not discovered and patched prior to delivering software products to customers,” said Luszcz. “Every software and IoT producer must understand these risks, and leverage technology to automate open source component scanning, governance and vulnerability management.”

You can download the Vulnerability Update here.

About Flexera Software
Flexera SoftwareFlexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software.  Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimised software investments, and to future-proof businesses against the risks and costs of constantly changing technology.  A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products.

In this article