
CyberSecurity Software Vulnerabilities
This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, please contact Mark at 604-349-6557 or mesbernard@gmail.com.

This is a follow-up to my previous assessment of CyberSecurity threats and vulnerabilities. To add more clarity to the assessment of software vulnerabilities, the following data was pulled from the Common Vulnerabilities and Exposures (CVE) database. For added context, I have also included statistics from the Q1 RedSocks report on malware (listed at the end).

I chose a sampling of the top brands and products used in most infrastructures today. I used three pieces of information for the assessment: the total number of products a vendor ships, the total number of vulnerabilities published against them, and the total number of those vulnerabilities with a published exploit. Not all vulnerabilities have published exploits, but that does not diminish the potential risk they carry in the absence of a formal Information Security Management System.

After considering the types of vulnerabilities that exist and the number of products that each vendor produces, we can draw some conclusions regarding their approach to quality management, information security, and the protection of the businesses that rely on them against cyber criminals. The vulnerability types include Denial of Service, Overflow, Execute Code, Bypass Something, Gain Information, Gain Privilege, XSS, SQL Injection, Directory Traversal, CSRF, Memory Corruption, and File Inclusion. Each of these represents a potential opportunity for cyber criminals.

[Charts: Total Products; Total Vulnerabilities; Total Exploits]

Conclusion: The results speak for themselves. Quality management does not appear to exist, and consumers and organizations have been forced to take on security risks that should have been mitigated by the manufacturers and developers.
It's time that information security was treated as being as important as financial data. Legislation for the quality of products facing the Internet needs to be imposed to stop the leaking. Governments creating CyberSecurity armies are wasting their time. If information security requirements were imposed on software developers and reinforced with regular audits and certifications, CyberSecurity risks would be dramatically reduced. Businesses would benefit from building more CyberSecure products by lowering operational risks and increasing market uptake.

I was surprised that only one of the top five Enterprise Resource Planning (ERP) vendors, SAP, actually publishes vulnerabilities; I expected to see all of them. The top five are: #1 Epicor, #2 Infor, #3 Microsoft Dynamics, #4 Oracle Financials, and #5 SAP. What are the others hiding?

I was also surprised to see some of the top security vendors' products listed with serious deficiencies that potentially expose customers and weaken the defense-in-depth security architecture that many businesses and citizens have come to depend upon. These include Cisco, HP, VMware, McAfee, Symantec, and AlienVault.

Q1 RedSocks malware report statistics:
• Detection by Anti-Virus software: 6,153,370
• Undetected: 2,053,049
• Common Vulnerabilities & Exposures: 61,439
• New malicious files: 8,206,419
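The per-vendor tally described above (total products, total vulnerabilities, total with a published exploit, broken down by vulnerability type) and the observation that some vendors publish nothing at all can both be reproduced with a small aggregation script. The following is an added example, not code from the original assessment or from any vendor; the records, vendor names and product names are constructed placeholders, not real CVE entries or real counts. The `vendors_without_disclosures` check flags the case the text raises for the ERP vendors: a vendor with zero entries is not necessarily clean, it may simply not publish, so its "score" must be reported separately rather than ranked as best.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class VulnRecord:
    """One published vulnerability, in the shape of a CVE-derived listing.

    vuln_type uses the same categories as the assessment
    (Denial of Service, Overflow, Execute Code, XSS, ...).
    has_public_exploit is True when an exploit has been published.
    """
    record_id: str
    vendor: str
    product: str
    vuln_type: str
    has_public_exploit: bool


# Constructed sample data (placeholders, not real CVE identifiers or vendors).
SAMPLE_RECORDS = [
    VulnRecord("SAMPLE-001", "VendorA", "Gateway", "Overflow", True),
    VulnRecord("SAMPLE-002", "VendorA", "Gateway", "Denial of Service", False),
    VulnRecord("SAMPLE-003", "VendorA", "Console", "XSS", False),
    VulnRecord("SAMPLE-004", "VendorA", "Console", "SQL Injection", True),
    VulnRecord("SAMPLE-005", "VendorA", "Agent", "Gain Privilege", False),
    VulnRecord("SAMPLE-006", "VendorB", "Suite", "Execute Code", True),
    VulnRecord("SAMPLE-007", "VendorB", "Suite", "CSRF", False),
    VulnRecord("SAMPLE-008", "VendorC", "Scanner", "Directory Traversal", False),
]


def assess(records):
    """Return the three assessment metrics per vendor, plus a type breakdown.

    vulns_per_product normalises the raw vulnerability count by portfolio
    size, so a vendor with many products is not penalised for volume alone.
    """
    per_vendor = defaultdict(
        lambda: {"products": set(), "vulns": 0, "exploits": 0, "types": Counter()}
    )
    for r in records:
        v = per_vendor[r.vendor]
        v["products"].add(r.product)
        v["vulns"] += 1
        v["exploits"] += 1 if r.has_public_exploit else 0
        v["types"][r.vuln_type] += 1

    report = {}
    for vendor, v in per_vendor.items():
        n_products = len(v["products"])
        report[vendor] = {
            "total_products": n_products,
            "total_vulnerabilities": v["vulns"],
            "total_exploits": v["exploits"],
            "vulns_per_product": round(v["vulns"] / n_products, 2),
            "types": dict(v["types"]),
        }
    return report


def vendors_without_disclosures(expected_vendors, records):
    """Vendors in the sample that have no published entries at all.

    Zero entries means "nothing disclosed", not "nothing to disclose";
    these vendors should be listed apart from the ranked results.
    """
    disclosed = {r.vendor for r in records}
    return [v for v in expected_vendors if v not in disclosed]


def format_report(report, undisclosed):
    """Render the assessment as plain text, one vendor per line."""
    lines = []
    for vendor in sorted(report, key=lambda k: -report[k]["vulns_per_product"]):
        m = report[vendor]
        lines.append(
            f"{vendor}: products={m['total_products']} "
            f"vulns={m['total_vulnerabilities']} exploits={m['total_exploits']} "
            f"vulns/product={m['vulns_per_product']} types={m['types']}"
        )
    for vendor in undisclosed:
        lines.append(f"{vendor}: no published vulnerabilities (not ranked)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Hypothetical list of vendors the assessment intended to cover.
    sampled_vendors = ["VendorA", "VendorB", "VendorC", "VendorD"]
    print(format_report(assess(SAMPLE_RECORDS),
                        vendors_without_disclosures(sampled_vendors, SAMPLE_RECORDS)))
```

Replacing `SAMPLE_RECORDS` with a real export from the CVE database (one record per CVE with vendor, product, type and exploit availability) reproduces the three charts; the sort key in `format_report` can be switched to raw totals if the ranking is meant to match the original charts rather than the per-product rate.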