More Vulnerabilities Coming At Us More Quickly: Secunia

The number of PC vulnerabilities is going up, and going up fast, according to security firm Secunia. The first six months of 2010 witnessed close to 400 detected vulnerabilities. 2009 saw 420 for the whole year.More software -- more vulnerabilities.

That's one of the unavoidable conclusions drawn from Secunia's report on the first half of this year, a year that, if the trends the company perceives continue, will see the number of PC vulnerabilities nearly double before the end of the year.

The dramatic increase in the number of vulnerabilities is traceable, at least in large part, to the amount of software on user's computers.

Third-party software is a particular culprit, especially when it comes to exposing users to Internet-based risks.

The dilemma is that a lot of that software on your workers' computers may be software that you're not aware of, haven't approved and, even if vulnerabilities have available patches, may not have been patched on all (or any) machines in your business.

In other words, welcome to the real word, 2010-style.

The solution, or at least the response, to that reality takes a few forms.

Clearly, Secunia, as with any other security vendor, wants you to look at its offerings as an approach to dealing with mounting maladies. And that's a good general first step:

If you haven't reviewed your security vendor's products and technologies lately, and compared them to other products on the market, now's the time to do so.

Second, take the time to take an inventory and find out what your employees are running on their machines:

An audit or inventory of the software installed on company machines not only gives you a tally of what programs are out there and in need of patching or removal, it will also give you a sense of how lax (or solid) your installation of non-company-approved apps policy is.

Always assuming you have such a policy, of course. If you don't:

Putting a third-party and user-installed software policy in place is crucial, and should be at or near the top of the list for IT security this quarter. Patch policy must be central to your software policy.

And, to return to the first point, when review security vendors:

Look for products or security services that monitor every device and look for any new apps on your systems. Knowing what's in there will help you keep out the dangerous stuff that's out there.

The complete Secunia Half-year Report 2010 is here.

Don't Miss: Summer Worker Security