Vulnerabilities in Security Products for Computers 2006-2008

Abstract: Vulnerabilities are rapidly increasing everyday, posing a major threat to security products. It is due to the flaws in the software during development and human negligence. Even if we are able to find the source, it is not easy to get rid of them with the dramatic discovery of threats exposed every month. Defending against attacks, we need to understand the vulnerabilities in a large scale. The security products, which are being told to provide security, contain a lot of vulnerabilities giving a headache to the security vendors around the globe. Information security breaches are increasingly widespread. Our aim is to find and examine the vulnerabilities in security products for the last three years. The overall conclusion is that the vulnerabilities in security products always result either in arbitrary code execution, denial of service or allow an attacker to take control of the system by taking in high privileges. We investigated computer products having vulnerabilities, analyzing more than 6000 advisories. Based on that information, we have extracted vulnerabilities specifically for the security products and showed them comprehensively in statistical format. Evaluation of vulnerabilities has been done for every year and based on that information; we compared the vulnerabilities occurring in the last three years.