I recently met a colleague for lunch who works for an anti-virus vendor. During our conversation my lunch colleague highlighted some embarrassing mistakes his own company recently made with regard to faulty updates to their products. I pointed out that Symantec recently crippled millions of PCs in China with a faulty signature update. While this amused my colleague, it made me think about what other issues have appeared in the software we depend on to secure our systems and vital data.
I have to admit what I found was depressing; over 144 vulnerabilities are known to have occurred in the software we use to protect our systems. Don't forget that there may also be additional vulnerabilities out there that are not yet public and are either known to the vendors as part of their own QA or known to the bad guys, who would rather keep the information for themselves so they can better attack their targets. My findings are below.
Most of the major vendors, be they commercial or open source, have been affected. Of the 144 vulnerabilities, 35 were in various anti-virus software products, with over 30 vulnerabilities being discovered in firewall technology. So I guess the main messages to conclude are:
Finally, for those of you who are interested, please find a list of all the vulnerabilities identified within the US National Vulnerability Database so far this year. I have listed the products alphabetically. If you spot one of the products you use on this list, then I recommend you check and make sure it is up to date with the latest version. After all, you would not drive your car knowing the brakes may be faulty!