We use security products to secure our systems and our businesses. However, the very security products we use can themselves have vulnerabilities that leave us susceptible to attacks. We recently conducted a study to understand the vulnerability trends in security products. Read on to learn what we discovered this time around.

How was the research conducted?

We started with a survey of the internet for existing work closely related to vulnerability trends in security products. We came across many interesting articles but could not find exactly what we were looking for. Finally, we decided to pull data from the NVD vulnerability database and run SQL queries to create some interesting statistics.

Click here to download the full report

Key findings of the Report:

  • Total vulnerabilities reported in Security Products in 2012 have increased sharply with a CAGR of 37.29% over the last 3 Years.
  • Anti-Virus alone accounts for 49% of the vulnerabilities reported in Security Products followed by Firewall with 24%.
  • Top 3 Security vendors with maximum vulnerabilities published in 2012 are McAfee, Cisco followed by Symantec.
  • Top 3 Security products with maximum vulnerabilities published in 2012 are Rising-Global’s Antivirus, Cisco’s Adaptive Security Appliance and Ikarus Virus Utilities.
  • Access Control is the most prominent weakness in Security Products followed by Input Validation.
  • SQL Injection is the least found vulnerability among Security products in 2012.

Conclusion:

Security products have been targeted by hackers from the time they were introduced in the market. It should be noted that vulnerability findings in security products and software follow a similar trend to any other general-purpose commercial or open source product. It is also quite evident from our study that security products are vulnerable to the same types of vulnerabilities, such as Buffer Overflow, MITM, Information leakage etc., as any other products used in organizations.

Some of our major predictions:

  • There will be an increase in attacks on security products, companies or solutions.
  • The majority of vulnerabilities discovered will not become public and shall remain in the hands of APT (Advanced Persistent Threat) actors.

How to combat vulnerabilities in Security Products?

  • Ask for security certifications of the products and independent third-party penetration testing reports as part of the procurement process.
  • Conduct independent penetration testing of security infrastructure/solutions.
  • Create an efficient detection and response mechanism.

Disclaimer:

We have used well-known vulnerability standards and databases such as Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and the National Vulnerability Database (NVD). One of the major challenges we faced was classifying the products into security and non-security products, as the current product standard (CPE) does not support it. We solved this challenge by assuming that security products have certain keywords in their names, such as ‘ID’, ‘virus’, ‘firewall’, ‘IPS’, ‘scan’ etc. Hence there is a chance of some data being missed, and the report should be considered indicative. iViZ disclaims all warranties, expressed or implied, with respect to this research for any particular purpose.
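The keyword classification described in this disclaimer, as an added example (not the report's own queries): it runs the substring rule as SQL over constructed CPE rows, lists matches that look accidental, and shows how they move a CAGR figure. The record ids, vendors, products, the token-suffix review rule and the two-period CAGR are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (not NVD data): (record id, year, CPE 2.2 URI).
ROWS = [
    ("SAMPLE-0001", 2010, "cpe:/a:examplevendor:antivirus:1.0"),
    ("SAMPLE-0002", 2011, "cpe:/a:examplevendor:antivirus:1.1"),
    ("SAMPLE-0003", 2011, "cpe:/h:examplenet:firewall_appliance:2.0"),
    ("SAMPLE-0004", 2012, "cpe:/a:examplevendor:antivirus:1.2"),
    ("SAMPLE-0005", 2012, "cpe:/h:examplenet:firewall_appliance:2.1"),
    ("SAMPLE-0006", 2012, "cpe:/a:examplesec:network_ips:3.0"),
    ("SAMPLE-0007", 2012, "cpe:/a:exampleide:eclipse_plugin:4.2"),    # 'ips' inside 'eclipse'
    ("SAMPLE-0008", 2012, "cpe:/a:exampleprint:scanner_driver:5.0"),  # 'scan' in a printer driver
]
KEYWORDS = ["virus", "firewall", "ips", "scan"]  # keywords quoted in the disclaimer

def load(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vuln (id TEXT, year INTEGER, product TEXT)")
    # CPE 2.2 URI fields: cpe:/part:vendor:product:version
    db.executemany("INSERT INTO vuln VALUES (?, ?, ?)",
                   [(i, y, cpe.split(":")[3]) for i, y, cpe in rows])
    return db

def substring_hits(db):
    """Naive rule: product name contains any keyword (SQL LIKE). Returns {year: count}."""
    where = " OR ".join("product LIKE ?" for _ in KEYWORDS)
    q = f"SELECT year, COUNT(*) FROM vuln WHERE {where} GROUP BY year ORDER BY year"
    return dict(db.execute(q, [f"%{k}%" for k in KEYWORDS]))

def needs_review(db):
    """Substring hits where no '_'-separated token ends with a keyword (assumed heuristic)."""
    out = []
    for rid, product in db.execute("SELECT id, product FROM vuln ORDER BY id"):
        loose = any(k in product for k in KEYWORDS)
        tight = any(t.endswith(k) for t in product.split("_") for k in KEYWORDS)
        if loose and not tight:
            out.append((rid, product))
    return out

def cagr(first, last, periods):
    """Compound annual growth rate between two yearly counts."""
    return (last / first) ** (1 / periods) - 1

if __name__ == "__main__":
    db = load()
    counts = substring_hits(db)
    review = needs_review(db)
    print("per-year counts:", counts)
    print("manual review:", review)
    print("CAGR, raw:      %.1f%%" % (100 * cagr(counts[2010], counts[2012], 2)))
    print("CAGR, reviewed: %.1f%%" % (100 * cagr(counts[2010], counts[2012] - len(review), 2)))
```

On this constructed data, two accidental keyword matches in the final year are enough to change the growth figure substantially, which is why keyword-derived statistics are best read as indicative.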

Original Blog: http://www.ivizsecurity.com/blog/penetration-testing/vulnerabilities-in-security-products-increasing-at-37-cagr/

 

 

 
