Press Release

HPI: Number of Serious Software Vulnerabilities Has Increased in 2015

Potsdam. In 2015 fewer software security vulnerabilities were reported worldwide than in the previous year. At the same time, however, the number of published vulnerabilities with a high level of severity increased. According to an analysis performed by the German Hasso Plattner Institute (HPI), at least 5,350 reports of software vulnerabilities were registered or updated in the last twelve months alone. In 2014 about 7,200 such vulnerabilities were reported. The computer scientists’ overview shows that, compared to the previous year, there were more vulnerabilities with a high level of severity (about 2,000 compared to almost 1,800). Markedly fewer vulnerabilities of medium severity were reported, with about 2,800 registered in 2015, compared to around 4,800 in 2014. There was little change in the number of reports on software vulnerabilities with minor impact.

At the same time, the HPI database for IT attack analysis (hpi-vdb.de) registered approximately 7,000 new software products and 400 new manufacturers in the course of 2015. More than 73,100 pieces of information on vulnerabilities are stored, which report on nearly 180,000 affected software programs from at least 15,500 manufacturers.

“Computer users need to remain vigilant in regard to the security situation surrounding software,” said HPI director Prof. Christoph Meinel. Every possibility should be used to update operating systems, Internet browsers, and other software applications in order to eliminate vulnerabilities, the Potsdam computer scientist said.

The HPI database integrates and combines the essential, freely available information published on the Internet about software vulnerabilities and problems. The classification of vulnerabilities by criticality is based on the free, open, and heavily used industry standard CVSS (Common Vulnerability Scoring System). “We are not able to make statements about how many unknown, or as yet undiscovered vulnerabilities are hidden in a piece of software,” said institute director Meinel.

He pointed out that all Internet users can check their browser free of charge at the website hpi-vdb.de. Using self-diagnosis, users can check their browser for detectable vulnerabilities, which cyber criminals often use to carry out attacks. The HPI system detects the browser version used, including common plugins, and displays a list of known vulnerabilities. Software for the display of web content is used most frequently by hackers for attacks. The user moves through the Internet with a browser and consequently provides a starting point for attacks. HPI plans an expansion of the self-diagnosis service to other installed software.

Profile of Hasso Plattner Institute

The Hasso Plattner Institute for Software Systems Engineering GmbH (HPI) at the University of Potsdam is Germany’s university excellence center for IT-Systems Engineering. HPI is the only university institution in Germany offering the Bachelor’s and Master’s degree in “IT-Systems Engineering”—a practical and engineering-oriented alternative to conventional computer science studies. Current enrollment is at approximately 480 students. The HPI School of Design Thinking, Europe’s first innovation school for university students, is based on the Stanford model of the d.school. It offers 240 places annually for a supplementary course of study. There are a total of twelve HPI professors and over 50 guest professors, lecturers and contracted teachers at the Institute. HPI carries out research noted for its high standard of excellence in its ten topic areas. Research work is also conducted at the Potsdam HPI Research School for PhD candidates and at its branches in Cape Town, Haifa and Nanjing. HPI teaching and research focuses on the foundation and application of large-scale, highly complex and distributed IT systems. The development and exploration of user-driven innovations for all sectors of life is an additional area of importance. HPI always earns the highest positions in the CHE university ranking. Since September 2012, HPI has provided an interactive Internet learning platform - openhpi.de. Its free open online courses are available to everyone.