About Secure Software


Vulnerability Disclosures

Despite the software industry's increased security investments, the number of vulnerabilities found in relevant products has not been reduced over the past decades. Either it is fundamentally impossible to produce secure code, or skewed incentives within the industry have resulted in insufficient investment in the production of secure software.

Data on vulnerabilities gives no indication that the status quo will change any time soon, not least because software manufacturers have yet to produce secure software. Since they do not bear the costs and consequences of the vulnerabilities within their products, there is little to indicate that they ever will. The software industry at large is still unable to produce secure software.


Vulnerabilities - September 1997 to August 2017


Industry Trend

The software industry tends toward dominant firms, largely because of the benefits of interoperability, user base, or dominant platforms, protocols, and formats. Thus, just a few vendors provide the majority of widely used software products, which in turn are the most interesting targets for criminals. In fact, the top 10 software vendors account for 0% of all vulnerabilities published in the last 12 months. These vendors jointly represent more than 80 percent of the market share of operating systems, web browsers, mail clients, and office applications.


Top 10 Vendors

With only a few vendors accounting for the majority of vulnerabilities, the security investment by a few vendors can have a significant effect on the industry and on the number of users affected by vulnerabilities. The table below shows the history and trend in vulnerability numbers of the top 10 vendors with the most vulnerabilities in the last 12 months. The long-term trend compares the number of vulnerability disclosures of the last 12 vs. the preceding 60 months (2016-09-01 to 2017-08-31). Zero of these 10 vendors reduced the number of vulnerabilities in their products over the long term.


# | VENDOR | HISTORY 20Y | TREND 60M | VULNS AVG 60M | VULNS LAST 12M | RISK LAST 12M
Date Time: 2017-09-21 17:38:26
© 2000-2017 Stefan Frei
techzoom.net