Major vulnerabilities found in top virtual appliances


The findings illuminated how thousands of cloud software solutions are being distributed by major companies like IBM, Dell, Oracle, Cisco, and Symantec with known, exploitable, and fixable security flaws.


Virtual appliances are a highly effective medium for tech companies to distribute their software. However, like any piece of technology, they too are vulnerable.


A recent report by Orca Security demonstrates this by scanning over 2,218 virtual appliance images belonging to 540 different software companies, the majority of which (69.3%) are located in North America. The results were alarming: about 401,571 vulnerabilities were found in total.




These vulnerabilities could be traced to approximately 497 companies, with the remaining 43 being completely free of vulnerabilities. Examples of the latter include Trend Micro, BeyondTrust, Pulse Secure, and Versasec.

To take things a step further and to get a more comprehensive picture, the researchers divided all of these software vendors into different categories based on their security strength as shown in the figure below:



Explaining the criteria used to assign an A grade, Orca states in its report:

"If a virtual appliance had no fixable vulnerabilities, and its operating system was currently maintained and supported, it would achieve a maximum score of 100. Of the 2,218 virtual appliances tested, only 4.6% (103) received this score."



What’s disappointing, though, is that the 15% failed lot includes renowned companies such as Intel, Cloudflare, and Symantec. This raises ..
