Security Factsheets: A new look at vulnerability data

Secunia today announced their Security Factsheets, designed for those who are interested in understanding the historical development of advisories and vulnerabilities in various programs.

Released quarterly, the factsheets present data in a standardized format and outline the development in advisories and vulnerabilities for a specific application, system, or a plug-in.

For each specific program, the factsheet provides the reader with:

• Cumulative number of advisories of the two recent 12 month periods (YoY)
• Cumulative number of vulnerabilities of the two recent 12 month periods
• Attack vector in # of advisories
• Criticality in # of advisories
• Classification of the impact of successful exploitation on the affected system
• Solution status at the day of advisory disclosure
• Time to patch for advisories disclosed and patched in the last 24 months.

Stefan Frei, Research Analyst Director, Secunia comments: “In the software industry we still lack coherent, standardized, and scheduled reporting of important security parameters for software products. In the finance industry, for example, key performance parameters are reported yearly or quarterly to consistently provide interested parties, and the public, with relevant information for decision-making and risk assessment. We thus created the Secunia Security Factsheets to fill this gap for our industry and help answer many questions that otherwise required extensive manual data mining.”