By Niels Henrik Rasmussen
Since the inauguration of Secunia in 2002, we have offered a variety of free community services to aid you in staying secure online.
For years we have provided the world's best advisories with verified vulnerability intelligence. The vulnerability intelligence is based on broad information gathering and a rigorous testing and verification procedure where some of the world's most skilled vulnerability researchers and security specialists continuously conduct research to reproduce the reported vulnerabilities.
Once the advisories have been published, we select the most critical ones affecting popular applications and initiate an even more thorough and in-depth analysis. This analysis is conducted by some of our reverse engineers and source code auditors. Their task is to gain an almost 100% understanding of the “inner workings” of each individual vulnerability.
When analysing the vulnerabilities the reverse engineers and source code auditors document programming errors and code that may affect the attack vector and exploitation. This analysis, including support files like PoCs, exploits, and PCAPs, is provided as part of our Binary Analysis service to IDS / IPS vendors, AV vendors, large enterprises, and governments.
Secunia also puts a significant amount of resources into vulnerability research. Last year this resulted in Secunia being the most successful research company with a total of 68 vulnerabilities in significant software:
PSI, OSI, and the community
Today, the most widely used free community effort by Secunia is the Secunia PSI with 1,1 million installations. The free Secunia PSI helps keeping private computer systems up-to-date with the latest security updates for all programs. Another 3.000 daily users keep the 70 most common programs up-to-date using the browser based Secunia OSI.
The Secunia PSI received a 5 of 5 rating by download.com and was selected as 1 of 101 fantastic freebees by PCWorld.
Developing, supporting, and promoting the use of Secunia PSI and OSI has a high priority at Secunia. Currently we employ 3 people, who focus solely on the PSI; other staff also spend significant resources on development and management of the Secunia PSI project.
The Secunia PSI and OSI are also backed by an active online community where users can get support and help with updating software and other security related issues. In 2009, we will also be inviting the community to help translating and supporting the Secunia PSI in even more languages like we did with the first community translation to Spanish in December 2008.
The free Secunia PSI and Secunia OSI solutions utilise the same technology and the same Vulnerability Intelligence as the business edition. This combination of technology and intelligence allows easy and reliable tracking of thousands of missing security updates, end-of-life programs, as well as up-to-date software for users.
In the current turmoil of the global financial crisis, you can rest assured that Secunia will continue to provide the world's best software security update tool and vulnerability information free of charge to the community for use on private systems as well as conduct vulnerability research. We will, however, also seek to optimise our business to ensure that Secunia remain a sound and healthy business that can continue to afford investing in the community by charging businesses and governments for their use of our services and solutions on their systems.
Niels Henrik Rasmussen