Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...
Secunia report on treadmill of security software pain
Flaws in security products are among the most commonly encountered desktop software vulnerabilities, according to a new study.
Eleven of the 46 products that made it into monthly top 20 most vulnerable product charts between August and October were security packages, Secunia reports. Products from vendors including AlienVault, IBM, Juniper, McAfee, Palo Alto, and Splunk were featured in bug lists compiled by the Flexera Software-owned vulnerability management firm.
Many of the vulnerabilities within those security products were actually embedded in open-source components used within those packages, Secunia researchers discovered.
Security software is not immune to vulnerabilities, lest there be any doubts on the matter following the discoveries of flaws in antivirus software and more by bug hunters including Google's Tavis Ormandy.
"It is important for organisations to understand that there will always be software vulnerabilities, and there will always be hackers with malicious intent, working to exploit those vulnerabilities," warned Kasper Lindgaard, director of Secunia research at Flexera Software. "The good news is that the vast majority of vulnerabilities have patches available on the day they are made public."
Lindgaard advocates use of software vulnerability management technology as a means to minimise the risk of attack for both consumers and enterprises.
Flexera's stats relate to the top 20 products with the most vulnerabilities that featured on at least one occasion in three separate charts put together in August, September, and October. ®