The Year 2015 Saw a Rise in the Number of Serious Software Vulnerabilities

The total number of vulnerabilities saw a drop, though

Fewer software security vulnerabilities were reported worldwide in 2015 than in 2014. However, vulnerabilities with a high level of severity increased by almost 16%, according to an analysis performed by the Hasso Plattner Institute (HPI), based in Germany. At least 5,350 reports of software vulnerabilities were registered or updated in the HPI database, the organization said in a release.

In 2014 there were about 7,200 such vulnerabilities reported. The computer scientists' overview shows that, compared with the previous year, there were more vulnerabilities with a high level of severity (about 2,100, compared with almost 1,800). There were markedly fewer reports of vulnerabilities of medium severity, with about 2,800 registered in 2015, compared with around 4,800 in 2014. There was little change in the number of reports of software vulnerabilities with minor impact.

At the same time, the HPI database for IT attack analysis registered approximately 7,000 new software products and 400 new manufacturers in the course of 2015. More than 73,100 pieces of information on vulnerabilities are stored, which report on nearly 180,000 affected software programs from at least 15,500 manufacturers.

"Computer users need to remain vigilant in regard to the security situation surrounding software," said HPI director Prof. Christoph Meinel. Every possibility should be used to update operating systems, Internet browsers, and other software applications in order to eliminate vulnerabilities, the Potsdam computer scientist said.

The HPI database integrates the essential information on software vulnerabilities published on the Internet. The classification of vulnerabilities by criticality is based on the free, open, and heavily used industry standard CVSS (Common Vulnerability Scoring System).

Interestingly, the data from HPI shows that the overall number of vulnerabilities has come down since the 2006-2008 period.

 

 
