German University Says Severe Software Vulnerabilities Up in 2015

A German institution that maintains an online database of software vulnerabilities found that the count of "serious" ones increased in 2015. According to Hasso Plattner Institute, while fewer software security vulnerabilities were reported worldwide in 2015 than in 2014, the number of published vulnerabilities with a high level of severity increased. The university, located in Potsdam, concentrates on IT systems engineering.

Researchers tallied about 5,700 vulnerabilities throughout the year in HPI-VDB (the database for vulnerability analysis), compared to about 7,200 in 2014. However, while 2014 had about 1,800 weaknesses identified as "high severity," 2015 had about 2,000. That's still considerably down from 2008, when the database recorded a high of nearly 3,500 security flaws in software. Those assessed as medium severity dropped considerably from 2014 to 2015, while low-severity vulnerabilities stayed nearly level.

The project, maintained by the IT Security Engineering Team at HPI, found that 7,000 new software products and 400 new development companies showed up in its database. The entire database stores more than 73,100 pieces of information on vulnerabilities, affecting 180,000 programs from 15,500 different software makers.

The data maintained in the HPI-VDB comes from multiple sources, primarily other publicly available Web sites with security information about vulnerabilities and security bulletins from vendors. Those include the Open Source Vulnerability Database (OSVDB), Secunia, Carnegie Mellon University-run CERT, OVAL, SecurityFocus, Microsoft Security Bulletins and SAP Security Notes.

Users who register on the site are able to download information about single vulnerabilities in XML form. The researchers also make an API available for larger exports.

To protect users, HPI Director Christoph Meinel offered the same advice any security expert would: Patch software at every opportunity.

Next week the Institute will be hosting a two-week open course on maintaining privacy in social media. The MOOC is taught by computer scientist Anne Kayem and conducted in English.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
