
Discovering Microsoft's Vulnerabilities: Who is Who


Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, by other companies, or by vulnerability brokers? How many flaws have unknown discoverers? In this report we analyze data from the last three and a half years to understand who fixes what in the world of Microsoft products, as well as the severity of these flaws. The report gives an interesting insight into who really investigates Microsoft products and reports flaws in a responsible manner, and into how many vulnerabilities are attributed to someone and how many are not (which might suggest that they were discovered by attackers).

Published in: Internet


  1. Discovering Microsoft's Vulnerabilities: Who is Who. An analysis of the vulnerabilities discovered in Microsoft products, their discoverers, and their grade of severity.
  4. [Chart] Number of vulnerabilities attributed and non-attributed from 2016 to 2019. Series: Attributed, Non-Attributed.
  5. Google is the company finding more vulnerabilities in Microsoft's products. [Chart] Total number of vulnerabilities by discoverer from April 2016 to Sept 2019: ESET 3; CyberArk 3; Viettel 4; Netflix 4; NCSC 5; Kryptos 6; NSFOCUS 6; Qi'anxin 7; Kaspersky 9; Check Point 10; McAfee 13; NCC Group 15; FireEye 15; Secunia Research 15; Baidu 18; Alibaba Orion Security Lab 20; iDefense 24; Fortinet 32; Palo Alto Networks 41; Hyundai AutoEver… 53; Tencent 88; Qihoo 360 237; Microsoft 241; ZDI 349; Google 377; Other 535.
  6. [Chart] Vulnerability distribution by CVSS score, from April 2016 to Sept 2019. Number of vulnerabilities per score: 1: 0; 2: 0; 3: 7; 4: 26 (1%); 5: 206 (10%); 6: 363 (17%); 7: 245 (12%); 8: 1022 (48%); 9: 223 (10%); 10: 37 (2%).
  7. [Chart] Range of score, by source. Score axis: 0 to 10. Sources: ZDI, Viettel, Tencent, Secunia Research, Qihoo 360, Qi'anxin, Palo Alto Networks, Other, NSFOCUS, Netflix, NCSC, NCC Group, Microsoft, McAfee, Kryptos, Kaspersky, iDefense, Hyundai AutoEver Europe GmbH, Google, Fortinet, FireEye, ESET, CyberArk, Check Point, Baidu, Alibaba Orion Security Lab.
  8. [Chart] Vulnerability distribution by score and discoverer; bubble size is proportional to the number of vulnerabilities found. Axes: Number of vulnerabilities (0 to 450) and Averaged Score (5.0 to 8.0). Discoverers: Alibaba, Baidu, Check Point, CyberArk, ESET, FireEye, Fortinet, Google, Hyundai, iDefense, Kaspersky, McAfee, Microsoft, NCC Group, Netflix, NSFOCUS, Palo Alto Networks, Qi'anxin, Qihoo 360, Secunia Research, Tencent, Viettel, ZDI.
  9. [Chart] Vulnerabilities found by the four major contributors (Google, Microsoft, Qihoo 360, ZDI), 2016 to 2019. Axis: Number of vulnerabilities.
  10. [Chart] Percentage of non-attributed vulnerabilities, possibly discovered by attackers, 2016 to 2019; grey columns represent yearly total. Data labels, in order: 25%, 11%, 12%, 9%.
