Is Your Security Software Secure? Not So Much. One Reason? Vulnerable Open Source Components

New Flexera Software Vulnerability Update included 11 security products – many of which used open source components containing vulnerabilities

Maidenhead, U.K. – Nov. 29, 2016 – With security software serving on the front line – protecting individuals and enterprises from hacker threat – it may come up as a surprise that between August and October of 2016 – 11 security products were included on a list of products with the most software vulnerabilities.

Flexera Software, the leading provider of Software Vulnerability Management and open source security solutions, just released its Vulnerability Update[1] covering the Top 20 products with the most vulnerabilities in August, September and October, 2016. According to the report, of the 46 products appearing at least once in the list of top 20 products with the most vulnerabilities during those months, 11 were security-related products from vendors such as AlienVault, IBM, Juniper, McAfee, Palo Alto and Splunk.

Security Products Are Not Immune to Software Vulnerabilities
A vulnerability is simply a flaw in application code that, if left unpatched, can be exploited by hackers with malicious intent. Today’s report underscores the reality that all applications can contain vulnerabilities – even security software.

“It is important for organisations to understand that there will always be software vulnerabilities, and there will always be hackers with malicious intent, working to exploit those vulnerabilities,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software. “The good news is that the vast majority of vulnerabilities have patches available on the day they are made public. This means that companies and individual PC users that implement a Software Vulnerability Management solution can minimise their risk of attack – and the consequences of stolen data.”

Open Source Components Pose Significant Software Vulnerability Risk
Flexera Software’s Secunia Research team reviewed the vulnerabilities in the security products named in today’s report. They found that many of the vulnerabilities within those security products were actually imbedded in open source components used within those products.

According to Jeff Luszcz, Vice President of Product Management for Flexera’s Software Composition Analysis solutions, software producers and Internet of Things (IoT) manufacturers routinely use open source components within their software code. “Open source components constitute as much as 50 percent of the global code base. And, as the Heartbleed open source vulnerability reminds us, vulnerable open source components built into software products can cause global disruption if they are not discovered and patched prior to delivering software products to customers,” said Luszcz. “Every software and IoT producer must understand these risks, and leverage technology to automate open source component scanning, governance and vulnerability management.”

You can download the Vulnerability Update here: http://www.flexerasoftware.com/vulnerability-update-oct2016?utm_source=Marketwired&utm_campaign=VulnUpdateAug-Oct2016&utm_medium=PR

[1] The Vulnerability Update is a recurring report based on data from Flexera Software’s Vulnerability Database. It provides a Top 20 per month of products with the most vulnerabilities recorded over a three month period, along with brief comments from Secunia Research at Flexera Software.