Analysis of the Global Public Vulnerability Research Market in 2013

Executive Summary—Key Findings

- In 2012, software vulnerabilities were reported publicly by research organizations.
- Software vulnerabilities form the basis of cyber attacks that resulted in more than major security breaches reported in 2012.
- Furthermore, million new malicious software programs (also called “malware”) were identified in 2012. Malware also benefits from vulnerable computing systems.
- Vulnerability research represents an invaluable security service considering the billions of dollars lost in data security breaches.
- Hackers targeting media applications, business applications, and content management platforms accounted for % of reported vulnerabilities.
- Individuals were responsible for % of vulnerabilities reported in 2012. This group was followed by security vendors, government entities, education institutions, and manufacturers, respectively.
- The top targeted applications in 2012 were Mozilla Firefox, Apple QuickTime, and Microsoft Internet Explorer.
- In 2012, the United States Computer Emergency Readiness Team (US-CERT) disclosed verified vulnerabilities. As a branch of the United States Department of Homeland Security (DHS), US-CERT conducts original vulnerability research and acts as a repository for vulnerability reports and analyses.

Research Methodology

- Vulnerability information included in this study is collected from publicly available Web sites.
- US-CERT Vulnerability Notes are a primary source of vulnerability data in this market insight.
- The National Vulnerability Database (NVD) provides severity metrics and technical data.
- A vulnerability must have a unique Common Vulnerabilities and Exposures (CVE) or US-CERT number assigned to qualify for inclusion as a vulnerability in this research service.
- Frost & Sullivan requires CVE numbers for report inclusion to eliminate the double reporting of vulnerabilities. This ensures that each vulnerability report counted represents a single vulnerability and is not a duplicate or configuration issue.
- Since Q1 2011, Frost & Sullivan has been recording non-CVE verified vulnerabilities for research laboratories. However, these vulnerabilities are not included in the competitive and overall analysis of the public vulnerability research market.
- Validation and qualitative information is based on analyst interviews with market participants and research from industry Web sites and forums, such as securityfocus.com, zdnet.com, and networkworld.com.
- The NVD provided Common Vulnerability Scoring System Version 2.0 (CVSS V2) scores and rankings for each vulnerability reported.
- CVSS is a widely accepted industry standard and is applied to most reported vulnerabilities.
- CVSS provides base scores that represent the innate characteristics of each vulnerability. This base score does not account for temporal and environmental conditions.
- In addition to the numeric CVSS scores, the research service provides severity rankings for each vulnerability. The analyst mapped qualitative rankings from numeric CVSS scores.
- Government research, individuals, manufacturers, and security vendor vulnerability reports contributed to this market insight. This research service also includes original vulnerability discoveries that are reported on research vendor Web sites.
- For a complete list of sources referred to in this insight, see vulnerability database sources.
- This market insight covers vulnerabilities reported in 2012.

Market Overview—Terminology and Definitions

- A security vulnerability is any error in an information technology (IT) system that can be exploited by an attacker to compromise the confidentiality or integrity of a system or to deny legitimate user access to a system.
- Other industry terms for security vulnerabilities include “software bug” and “flaw.”
- The Microsoft Windows family of operating systems includes Windows ME, Windows Server 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, and Windows 8.
- The Mac OS family of operating systems includes all versions of Mac OS X and Mac OS X Server.
- The Linux/Unix category of operating systems includes Linux and Unix-based operating systems, including Android OS.
- Individual reporting includes security researchers who report vulnerabilities to security vendors for disclosure. These individuals are either credited by name or remain anonymous.
- Government reporting refers to vulnerabilities disclosed by US-CERT.
- Manufacturer credit is given to organizations, such as Adobe, for disclosing a vulnerability in their own applications.
- Disclosure credit applied to security vendors includes organizations with research laboratories that find, gather, and disclose vulnerabilities.

Table Of Contents

Analysis of the Global Public Vulnerability Research Market in 2013
Executive Summary

Executive Summary—Key Findings

Research Methodology

Research Objectives

Market Overview

Market Overview—Public Vulnerability Reporting
Market Overview—Public Vulnerability Disclosure
Market Overview—Best Practices Public Vulnerability Disclosing
Market Overview—The Evolving Attacker
Market Overview—Terminology and Definitions
Market Overview—Key Questions This Insight Answers

Cyber Threat Analysis and Reporting

Introduction to Cyber Threat Analysis and Reporting
The Internet of Things
The Internet of Things—Healthcare
Mobile Malware
Web Browsers
Vulnerabilities and Social Media
Microsoft and Vulnerabilities
Attacks on Security Devices and Appliances
OpenSSL Virus Heartbleed Bug
Contributions from Security Services and Devices Vendors
Cyber Threat Environment: HP Perspective

Case Studies

Cyber Attacks Case Study: DarkSeoul
Vulnerability Case Study: D-Link and Planex Home Routers
Case Study—Oracle Outside In OS/2 Vulnerability

Market Trends in Public Vulnerabilities

Vulnerabilities Reported by Year
Vulnerabilities Reported by Quarter
Market Trends
Vulnerability Disclosure
Vulnerability Disclosure by Organization Type

Analysis of Vulnerabilities by Severity

Comparison of Targeted Applications

Targeted Applications
Analysis of Targeted Applications
Top Targeted Types of Applications
Disclosing Institutions: Web Browser Vulnerabilities
Disclosing Institutions: Media Applications Vulnerabilities
Disclosing Institutions: Server Vulnerabilities
Disclosing Institutions: Business Applications Vulnerabilities
Analysis of Targeted Applications by Type
Targeted Web Browser Type
Analysis of Targeted Web Browser Type
Targeted Operating Systems
Analysis of Targeted Operating Systems

Vulnerability Analysis

Vulnerability Definitions
Vulnerabilities Reported by Flaw Type (For 2012)
Vulnerabilities Reported by Flaw Type
Disclosing Institutions: Buffer Overflow Errors
Disclosing Institutions: Code Injection Errors
Top Impact Type
Analysis of Impact Types

Competitive Analysis

Competitive Analysis Verified Vulnerabilities
Competitive Analysis Verified and Unverified Vulnerabilities
Competitive Analysis Overview

Market Participants

Fortinet FortiGuard Labs
High-Tech Bridge
HP Security Research
HP Security Research—Zero Day Initiative
IBM X-Force
Market Participants Not Interviewed




Vulnerability Database Sources (for 2013)
List of Publications Cited in This Report
Legal Disclaimer

The Frost and Sullivan Story

Value Proposition: Future of Your Company and Career
Global Perspective
Industry Convergence
360º Research Perspective
Implementation Excellence
Our Blue Ocean Strategy


Reportlinker.com © Copyright 2016. All rights reserved.
