March 25, 2015
In 2014, 15,435 vulnerabilities were discovered according to data from Secunia Research. The vulnerabilities are spread across 3,870 applications published by 500 different vendors, and these numbers alone demonstrate the challenge faced by IT teams trying to protect their environment against security breaches.
Obtaining full visibility to ascertain risk is not simple. In addition to known vulnerabilities in known products in the infrastructure, users have to deal with the opaque area that is bundling: vendors bundle their products with, for example, open source applications and libraries, complicating the customers’ chance of knowing which products are in fact present on their systems.
And, as the several incidents in 2014 of vulnerabilities in open source applications and libraries demonstrate, not all vendors can be relied upon to inform their users when vulnerabilities in open source applications affect their products.