CyberSecurity Software Vulnerabilities
This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program then please contact Mark @ 604-349-6557 or

This is a follow-up to my previous assessment of CyberSecurity threats and vulnerabilities. To add more clarity to the assessment of software vulnerabilities, the following data was pulled from the Common Vulnerability and Exposure (CVE) database. For added context, I have included below statistics from the Q1 RedSocks Report on Malware.

I chose a sampling of the top brands and products used in most infrastructures today. I used three pieces of information for the assessment: the total number of products, the total number of vulnerabilities and the total number of exposures. Not all vulnerabilities have published exploits, but that does not diminish the potential risk associated with these vulnerabilities in the absence of a formal Information Security Management System. After considering the type of vulnerabilities that exist and the number of products that the vendor produces, we can draw some conclusions regarding their approach to Quality Management, information security and the protection of the businesses they serve from Cyber Criminals.

Some of these vulnerabilities include Denial of Service, Overflow, Execute Code, Bypass Something, Gain Information, Gain Privilege, XSS, SQL Injection, Directory Traversal, CSRF, Memory Corruption, and File Inclusion. Each of these vulnerabilities represents a potential opportunity for Cyber Criminals.

[Table: Total Products, Total Vulnerabilities, Total Exploits per vendor; the values did not survive in this transcript]

Conclusion: The results speak for themselves. Quality Management does not appear to exist, and consumers and organizations have been forced to take on security risks that should have been mitigated by the manufacturers and developers.

It's time that information security was treated as being as important as financial data. Legislation for the quality of products facing the Internet needs to be imposed to stop the leaking. Governments creating CyberSecurity Armies are wasting their time. If information security was imposed on software developers and reinforced with regular audits and certifications, CyberSecurity risks would be dramatically reduced. Businesses would benefit from building better CyberSecure products by lowering operational risks and increasing market uptake.

I was surprised that only one of the top 5 Enterprise Resource Planning (ERP) system vendors, SAP, actually publishes vulnerabilities; I expected to see all of them. The top five are: #1. Epicor, #2. Infor, #3. Microsoft Dynamics, #4. Oracle Financials, and #5. SAP. What are the others hiding?

I was also surprised to see some of the top security vendor products listed with serious deficiencies that potentially expose customers and weaken the defense in depth security architecture that many businesses and citizens have come to depend upon. These include CISCO, HP, VMWare, McAfee, Symantec and Alienvault.

Statistics from the Q1 RedSocks Report on Malware:

• Detection by Anti-Virus software: 6,153,370
• Undetected: 2,053,049
• Common Vulnerabilities & Exposures: 61,439
• New malicious files: 8,206,419