It will hardly come as a surprise to anyone to find out the number of reported new vulnerabilities increased in 2016. A new report by Risk Based Security shows how 85% more vulnerabilities were disclosed in 2016 compared to 2011. Given the mounting number of cyber attacks and data breaches, that number seems lower than it could have been. Unfortunately, this new report indicates we are now on a five-year streak with an increasing number of vulnerability reports annually.
2016 Was A Bad Year For Security In General
On the one hand, the new report shows companies and small businesses report new vulnerabilities more quickly. As these reports come in, security researchers and engineers can start working on solutions to make sure these security holes can’t be exploited in the future. Without proper communication, a lot of security vulnerabilities would remain undiscovered, allowing hackers to take advantage of these loopholes while they still exist.
On the other hand, this also means the number of reported vulnerabilities continues to grow. In 2016 alone, over 15,000 new security issues were reported, which is quite a staggering number to say the least. This is one of the numbers security experts would rather not see go up over time, as it goes to show companies and manufacturers are still not taking the right measures to keep consumers’ data safe. Not too long ago, the total number of data breaches in 2016 was disclosed, which paints a worrisome picture for the future.
Software security has been a problem for quite some time now. Ever since these reports started to show a growing number of vulnerabilities, things have only gotten progressively worse. Vendors continue to release software putting their clients at risk, without taking all of the potential repercussions into consideration. Researchers are disappointed as no meaningful steps have been taken to improve overall software security throughout 2016.
To put this report into perspective, an average of 41 new security vulnerabilities were reported every single day throughout 2016. That number is simply unacceptable and needs to be improved rather quickly. What is even more troublesome is how a large portion of these reported exploits has been around since 2007. Nearly ten years later, some of those software bugs are still a threat, indicating the manufacturers and software engineers are not too bothered about fixing these gaping holes.
Surprisingly, an ex-Mozilla engineer suggested that users drop all antivirus programs on their computers and only leave the default one installed. The reason is that these third-party programs often add more complexity to the computer's security, breaking it as a result. Third-party AV software can interfere with important updates and introduce new bugs, and its unprofessional, invasive, and poorly implemented code makes it difficult to standardize security practices.
The next logical step for these reports would be to hold vendors and engineers accountable for their security issues. Moreover, these reports can be used to file charges and demand financial compensation for the damages suffered. Additionally, vendor response time to address these issues needs to be improved by quite a margin, as it still takes far too long before any reported vulnerability is fixed. For now, it remains unclear what the average response time is when someone reports an issue, as vendors are not keen on sharing those details.
Thankfully, there is one silver lining in this report as well. More vendors and manufacturers publicly disclose these vulnerabilities, which is an important first step towards improving device and software security. Coordinated disclosure methods are becoming the new norm, which is a positive development. With security researchers and vendors working together to solve these problems, things can only improve from here on out. It remains to be seen if fewer vulnerabilities will be reported throughout 2017, though.