Featured Article from Software Licensing

Speed and Accuracy Critical to Heading off Software Vulnerabilities in 2017

December 29, 2016

As a whopper of a 2016 comes to a close, many in the technology sphere are looking to the New Year for growth and change. Unfortunately, when it comes to security, some things are slated to remain the same in 2017, including a steadily rising number of software vulnerabilities.

Software vulnerabilities are a fact of life, at least at this point in the evolution of technology and security. And according to Kasper Lindgaard, director of Secunia (News - Alert) Research at Flexera Software, which specializes in software vulnerabilities, the number of vulnerabilities is set to rise this year and through the foreseeable future. Lindgaard revealed some of the expected trends for the new year during a recent webinar.

In much more promising news, Secunia found that the number of vulnerabilities for which a patch was available at the time they became public was around 85 percent, demonstrating a push toward better and faster security in the software space. The boost in security practices can’t come too soon, since the company observed a recent rise in risks related to new technology trends like the Internet of Things (IoT), open source software (OSS) and third-party software components. And recent research from Verizon (News - Alert) shows that the first exploitation of a software vulnerability typically occurs 30 days after the vulnerability becomes public, indicating that speed and accuracy in reacting to vulnerabilities are of the essence.

Software developers should also be a aware that a majority of attacks target applications using old and well-known vulnerabilities, indicating that most of those vulnerabilities can be addressed before hacking activity ramps up. One of the biggest takeaways from the findings is that in 2017, security patches need to be applied before exploitation occurs to get ahead of vulnerabilities and malicious activity.

“In the age of cloud and mobility, the old network security practices are no longer enough to ensure the integrity of devices and data protection,” wrote Flexera. “For that reason, keeping devices and the applications they run up-to-date is a vital layer of security that can’t be neglected.” For many organizations, that will require changing their mindsets regarding security to a more proactive approach with improved patching and remediation practices.

2017 promises to be a significant year for the technology sector, as the IoT, cloud, mobility and other trends continue to mature and evolve. As long as organizations understand that software vulnerabilities will also evolve in tandem with other trends, and practice a proactive approach to vulnerability management, they can head off major breaches and malicious activity before it becomes a problem.

Edited by Maurice Nagle
Article comments powered by Disqus