Two security researchers have discovered more than 220 Trend Micro security vulnerabilities in the past 6 months. 194 of those vulnerabilities were rated as critical and could potentially allow hackers to remotely execute code without any need for user interaction.
The vulnerabilities are spread across 11 different products produced by the cybersecurity firm, and one of those vulnerabilities, which affects Trend Micro’s Data Loss Prevention, could potentially allow hackers to compromise an entire network. In total, Roberto Liverani and Steven Seeley have passed on details of 223 Trend Micro security vulnerabilities to the company since July 29, 2016.
A statement released by Trend Micro confirmed that the company takes all security vulnerabilities seriously, saying “we are dedicated to rapidly addressing any issues that are uncovered by the research community.” According to a recent article in Forbes, Seeley confirmed that Trend Micro did respond quickly when advised of the vulnerabilities.
In recent years, there has been an increased focus on security vulnerabilities in software. More security researchers are looking at products to find potential flaws. Consequently, with more eyes on companies’ code, flaws are more likely to be discovered.
Trend Micro is not alone. Many antivirus software developers have been discovered to have released products with multiple flaws, and while those flaws are addressed promptly when discovered, the discoveries do not inspire trust in the products. That said, it would be unreasonable to expect software to be totally free from flaws, even software that has been developed to effectively managed cybersecurity risk.
However, the discovery of so many vulnerabilities in one company’s product suite is certainly a cause for concern. Unsurprisingly, Trend Micro has received some criticism as to why the flaws were not picked up internally during code reviews.
If third-party researchers are able to find the flaws using a similar methodology to that used by the developers of cybersecurity solutions, there is no reason why the flaws cannot be found before the products are released for sale, and certainly during post-market testing.