Vulnerabilities in Security Products: for Computers 2006-2008

Vulnerabilities in security products for computers 2006-2009 Today, we have security products that despite the claims of sufficient security assurance are vulnerable to ever increasing security threats posed by attackers. The attackers can exploit the weakness in the system to manifest undesired system behaviors. Thus, software vulnerabilities and how attackers can exploit them is a subject of major concern for security product vendors. Much research has been invested in the area of vulnerabilities assessment and management. The goal of this thesis has been to find and examine the vulnerabilities in security products in the last three years. We list various types of vulnerabilities and provide a statistical analysis for each type in three year period. We conclude that arbitrary code execution, denial of service attacks or system control through increased privileges are some of the main options on the disposal of attackers. This thesis can serve as a reference document for readers interested in security area or the vendors who wish to have information on existing known vulnerabilities.