°øÁö : µµÄìÁõ±Ç°Å·¡¼Ò JASDAQ ½ºÅÄ´Ùµå ½ÃÀå ½Å±Ô »óÀå °ü·Ã ¾È³»

Global Information
ȸ»ç¼Ò°³ | ¹®ÀÇ | ºñ±³¸®½ºÆ®

¼¼°èÀÇ °øÀû Ãë¾à¼º Á¶»ç ½ÃÀå ºÐ¼®(2015³â)

Analysis of the Global Public Vulnerability Research Market, 2015

¸®¼­Ä¡»ç Frost & Sullivan
¹ßÇàÀÏ 2016³â 10¿ù »óǰ ÄÚµå 384195
ÆäÀÌÁö Á¤º¸ ¿µ¹® 117 Pages
°¡°Ý
US $ 4,950 £Ü 5,649,000 Web Access (Regional License) help
¸®¼­Ä¡»çÀÇ À¥»çÀÌÆ®¿¡ ·Î±×ÀÎÇÒ ¼ö ÀÖ´Â ÆÐ½º¿öµå°¡ ¹ß±ÞµÇ¸ç, PDF¸¦ ´Ù¿î·Îµå ¹Þ´Â ÇüÅ·ΠÁ¦°øµË´Ï´Ù. µ¿ÀÏ ±¹°¡ ³»¿¡ ÀÖ´Â »ç¾÷ÀåÀÇ ¸ðµç ºÐµéÀÌ ÀÌ¿ëÇÒ ¼ö ÀÖ´Â ¶óÀ̼±½ºÀ̸ç, ÀÌ¿ë Àοø¼ö Á¦ÇÑÀº ¾ø½À´Ï´Ù. ÅØ½ºÆ® µîÀÇ PDF ³»¿ë ÆíÁýÀº ºÒ°¡´ÉÇÕ´Ï´Ù. ÀμâȽ¼ö¿¡ Á¦ÇÑÀº ¾øÀ¸³ª, Àμ⹰ÀÇ ÀÌ¿ë ¹üÀ§´Â PDF ÀÌ¿ë ¹üÀ§¿¡ ÁØÇÕ´Ï´Ù.


¼¼°èÀÇ °øÀû Ãë¾à¼º Á¶»ç ½ÃÀå ºÐ¼®(2015³â) Analysis of the Global Public Vulnerability Research Market, 2015
¹ßÇàÀÏ : 2016³â 10¿ù ÆäÀÌÁö Á¤º¸ : ¿µ¹® 117 Pages

¡Ø º» »óǰÀº ¿µ¹® ÀÚ·á·Î Çѱ۰ú ¿µ¹®¸ñÂ÷¿¡ ºÒÀÏÄ¡ÇÏ´Â ³»¿ëÀÌ ÀÖÀ» °æ¿ì ¿µ¹®À» ¿ì¼±ÇÕ´Ï´Ù. Á¤È®ÇÑ °ËÅ並 À§ÇØ ¿µ¹®¸ñÂ÷¸¦ Âü°íÇØÁֽñ⠹ٶø´Ï´Ù.

¸Ö¿þ¾î, ¹ÙÀÌ·¯½º, ·£¼¶¿þ¾î, º¿³Ý µîÀÇ »çÀ̹ö À§ÇùÀº ÇØ¸¶´Ù È®´ëµÇ°í ÀÖ¾î ¸¹Àº ±â¾÷À̳ª °³ÀÎÀÌ ¿ì·Á¸¦ ¾È°í ÀÖ½À´Ï´Ù. Ãë¾à¼º ¹ß°ß ¹× º¸°í´Â ÀáÀçÀûÀÎ À§ÇùÀÇ ºÐ¼®°ú ´ëó½Ã ¸Å¿ì Áß¿äÇØÁö°í ÀÖ½À´Ï´Ù. 2015³â¿¡ º¸°í ¹× ÀÏ¹Ý °ø°³µÈ Ãë¾à¼º °Ç¼ö´Â Àü³â´ëºñ 43.8% Áõ°¡Çß½À´Ï´Ù.

¼¼°èÀÇ °øÀû Ãë¾à¼º Á¶»ç(Public Vulnerability Research : Ãë¾à¼º º¸°í, ÀÏ¹Ý °ø°³, ºÐ·ù ¾÷¹«) ½ÃÀå¿¡ ´ëÇØ ºÐ¼®ÇßÀ¸¸ç, °¢Á¾ »çÀ̹ö À§ÇùÀÇ µ¿Çâ°ú ÇöÀç ´ëÀÀ »óȲ, °øÀû Ãë¾à¼º ½ÃÀå µ¿Çâ(°ø°³µÈ Ãë¾à¼º °Ç¼ö, Áߴ뼺ÀÇ µ¿Çâ, Ç¥Àû ¾ÖÇø®ÄÉÀ̼Ç/ºê¶ó¿ìÀú Á¾·ù µî), Ãë¾à¼º °ø°ÝÀÇ ¿µÇâµµ¿Í ±× Á¾·ù¡¤µ¿Çâ µîÀÇ Á¤º¸¸¦ ÀüÇØµå¸³´Ï´Ù.

Á¦1Àå ÁÖ¿ä ¿ä¾à

Á¦2Àå ½ÃÀå °³¿ä

  • ½ÃÀå °³¿ä
  • ¹ö±×¹Ù¿îƼ ÇÁ·Î±×·¥ ¹× ÄÜÅ×½ºÆ®
  • Pwn2Own ÄÜÅ×½ºÆ®
  • Mobile Pwn2Own ÄÜÅ×½ºÆ®
  • ½ÃÀå °³¿ä : MITRE ¹× CVSS ScoringÀÇ ¿ªÇÒ
  • ºÐ¼® ¹æ¹ý

Á¦3Àå À§ÇùÀÇ Á¾·ù

  • ¸Ö¿þ¾î
  • ¸ð¹ÙÀÏ ¸Ö¿þ¾î
  • ·£¼¶¿þ¾î
  • º¿ ¹× º¿³Ý
  • APT(Advanced Persistent Threats : Áö´ÉÇü Áö¼Ó °ø°Ý)
  • À¥ ¹× ÇÇ½Ì °ø°Ý

Á¦4Àå °øÀû Ãë¾à¼º ½ÃÀå µ¿Çâ

  • Ãë¾à¼º º¸°í °Ç¼ö : ¿¬°£ ±â¹Ý
  • Ãë¾à¼º º¸°í °Ç¼ö : ºÐ±âº° ±â¹Ý
  • ½ÃÀå µ¿Çâ
  • Ãë¾à¼º °ø°³ »óȲ
  • Ãë¾à¼º °ø°³ »óȲ : Á¶Á÷ Á¾·ùº°

Á¦5Àå Ãë¾à¼º ºÐ¼® : Áߴ뼺º°

Á¦6Àå Ç¥Àû ¾ÖÇø®ÄÉÀ̼Ǻ° ºñ±³

  • Ç¥Àû ¾ÖÇø®ÄÉÀ̼Ç
  • Ç¥Àû ¾ÖÇø®ÄÉÀÌ¼Ç ºÐ¼®
  • ÁÖ¿ä Ç¥Àû ¾ÖÇø®ÄÉÀÌ¼Ç Å¬·¡½º
  • °ø°³ ±â°ü : ¹Ìµð¾î Ç÷¹À̾îÀÇ Ãë¾à¼º
  • °ø°³ ±â°ü : À¥ ºê¶ó¿ìÀúÀÇ Ãë¾à¼º
  • °ø°³ ±â°ü : OSÀÇ Ãë¾à¼º
  • °ø°³ ±â°ü : IT ¼­Æ÷Æ® ÅøÀÇ Ãë¾à¼º
  • Ç¥Àû ¾ÖÇø®ÄÉÀ̼ÇÀÇ ºÐ·ù : Ŭ·¡½º ¹× Á¾·ùº°
  • Ç¥Àû À¥ ºê¶ó¿ìÀúÀÇ Á¾·ù

Á¦7Àå Ãë¾à¼º ºÐ¼®

  • Ãë¾à¼ºÀÇ Á¤ÀÇ
  • Ãë¾à¼ºÀÇ º¸°í °Ç¼ö : °áÇÔ Á¾·ùº°
  • °ø°³ ±â°ü : ¹öÆÛ ¿¡·¯
  • °ø°³ ±â°ü : Use After Free(¸Þ¸ð¸® ÇØÁ¦ ÈÄ »ç¿ë) ¿¡·¯
  • °ø°³ ±â°ü : ÀÎÁõ, ±ÇÇÑ ºÎ¿© ¹× ¾×¼¼½º ÄÁÆ®·Ñ ¿¡·¯
  • ¿µÇâµµÀÇ ÁÖ¿ä Á¾·ù
  • °ø°³ ±â°ü : ¼­ºñ½º Á¤Áö/ºÎÁ¤ °³Á¶/Á¤º¸ °ø°³ÀÇ ¿µÇâµµ
  • ¿µÇâµµÀÇ Á¾·ù ºÐ¼®

Á¦8Àå °æÀï ºÐ¼®

  • Ãë¾à¼º ½ÃÀåÀÇ °æÀï ºÐ¼®

Á¦9Àå °øÀû Ãë¾à¼ºÀÇ °ø°³ »óȲ

  • °øÀû Ãë¾à¼ºÀÇ °ø°³ »óȲ : °ú°Å, ÇöÀç, ÇâÈÄ

Á¦10Àå °øÀû Ãë¾à¼º °ø°³ ¼­ºñ½º¸¦ Á¦°øÇϰí ÀÖ´Â º¸¾È Ç÷§ÆûÀÇ °³¿ä

  • Core Security
  • FortiGuard Labs(Fortinet)
  • Google Project Zero(Google)
  • High-Tech Bridge
  • IBM X-Force(IBM)
  • Secunia(Çö Flexera)
  • Secunia Research About Often-Targeted Applications(Adobe, Flash, Microsoft)
  • TippingPoint Zero Day Initiative(Trend Micro)
  • Trend Micro-TippingPoint Zero Day Initiative
  • US-CERT
  • Verisign(Verisign Labs)

Á¦11Àå °á·Ð

Á¦12Àå ºÎ·Ï

Á¦13Àå Frost & Sullivan ¼Ò°³

KSM 16.11.29

Growth of Public Vulnerability Disclosures, the Important Intermediary Between Commercial Threat Analysis and Cyber Grid Threat Reporting

The Frost & Sullivan report analyzes the global public vulnerability research market. The growth of cyber threats such as malware, viruses, ransomware, botnets and more are of great concern to companies and consumers. Uncovering and disclosing vulnerabilities is important for analyzing and countering potential threats.

The vulnerability material that is collected, queried, and segmented provides rich qualitative commentary on the vulnerability research industry and community of contributors, and recognizes the most prolific disclosers of new vulnerabilities.

Research Scope

  • Total number of public vulnerabilities
  • Market trends of severity levels
  • Market trends of applications and classes of applications
  • Market trends of different vulnerability flaws

In 2015, public vulnerability disclosures increased 43.8% over the previous year. Researchers are covering a wider breadth of applications, such as media players, operating systems, office products, web browsers and many more. There have also been notable changes among the key players. Trend Micro acquired HP TippingPoint and Google Project Zero launched in mid-2014.

The different types of threats which can exploit vulnerabilities are discussed in this report. Frost & Sullivan also conducted competitive analysis of the research institutions involved in disclosing vulnerabilities.

Key Questions this Study Answer

  • Which institutions have disclosed the most vulnerabilities and what types?
  • Which applications have had the most public vulnerabilities?
  • Have severity levels changed?

What are the most likely impacts threats will have on exploitable vulnerabilities?

Table of Contents

1. Executive Summary

  • Executive Summary-Key Findings

2. Market Overview

  • Market Overview
  • Market Overview (continued)
  • Market Overview (continued)
  • Bug Bounty Programs and Contests
  • Pwn2Own Competition
  • Pwn2Own Competition (continued)
  • Mobile Pwn2Own Competition
  • Market Overview-The Role of MITRE and CVSS Scoring
  • Market Overview-The Role of MITRE and CVSS Scoring (Continued)
  • Market Overview-The Role of MITRE and CVSS Scoring (Continued)
  • Research Methodology
  • Research Methodology (continued)

3. Types of Threats

  • Malware
  • Malware (continued)
  • Malware (continued)
  • Malware (continued)
  • Mobile Malware
  • Mobile Malware (continued)
  • Ransomware
  • Bots and Botnets
  • Bots and Botnets (continued)
  • Advanced Persistent Threats (APT)
  • Advanced Persistent Threats (APT) (continued)
  • Web and Phishing Attacks

4. Market Trends in Public Vulnerabilities

  • Vulnerabilities Reported by Year
  • Quarterly Reported Vulnerabilities
  • Market Trends
  • Market Trends (continued)
  • Market Trends (continued)
  • Vulnerability Disclosure
  • Vulnerability Disclosure (continued)
  • Vulnerability Disclosure (continued)
  • Vulnerability Disclosure by Institution Type
  • Vulnerability Disclosure by Institution Type (continued)
  • Vulnerability Disclosure by Organization Type (continued)

5. Analysis of Vulnerabilities by Severity

  • Analysis of Vulnerabilities by Severity
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)
  • Analysis of Vulnerabilities by Severity (continued)

6. Comparison of Targeted Applications

  • Targeted Applications
  • Analysis of Targeted Applications
  • Top Targeted Class of Applications
  • Disclosing Institutions: Media Player Vulnerabilities
  • Disclosing Institutions: Web Browser Vulnerabilities
  • Disclosing Institutions: Operating System Vulnerabilities
  • Disclosing Institutions: IT Support Tools Vulnerabilities
  • Analysis of Targeted Applications by Class
  • Analysis of Targeted Applications by Type (continued)
  • Targeted Web Browser Type
  • Targeted Web Browser Type (continued)
  • Analysis of Targeted Web Browser Type

7. Vulnerability Analysis

  • Vulnerability Definitions
  • Vulnerability Definitions (continued)
  • Vulnerabilities Reported by Flaw Type (2014)
  • Vulnerabilities Reported by Flaw Type (2015)
  • Disclosing Institutions: Buffer Errors
  • Disclosing Institutions: Use After Free Errors
  • Disclosing Institutions: Permissions, Privileges, and Access Control Errors
  • Top Impact Type (2014)
  • Top Impact Type (2015)
  • Disclosing Institution: Disruption-of-Service/Unauthorized Modification/Disclosure of information Impacts
  • Analysis of Impact Types

8. Competitive Analysis

  • Competitive Analysis Vulnerabilities
  • Competitive Analysis Vulnerabilities (continued)
  • Competitive Analysis Vulnerabilities (continued)
  • Competitive Analysis (continued)

9. The Status Of Public Vulnerability Reporting

  • The Status of Public Vulnerability Reporting-Then, Now, and in the Future
  • The Status of Public Vulnerability Reporting-Then, Now, and in the Future (continued)
  • The Status of Public Vulnerability Reporting-Then, Now, and in the Future (continued)

10. Profiles of Security Platform Providers Offering Public Vulnerability Disclosure

  • Core Security
  • FortiGuard Labs (Fortinet)
  • Google Project Zero (Google)
  • Google Project Zero (Google) (continued)
  • Google Project Zero (Google) (continued)
  • High-Tech Bridge
  • IBM X-Force (IBM)
  • IBM X-Force (IBM) (continued)
  • IBM X-Force (IBM) (continued)
  • Secunia (now Flexera)
  • Secunia (now Flexera) (continued)
  • Secunia Research About Often-Targeted Applications (Adobe, Flash, and Microsoft)
  • TippingPoint Zero Day Initiative (Trend Micro)
  • Trend Micro-TippingPoint Zero Day Initiative
  • US-CERT
  • Verisign (Verisign Labs)

11. Conclusions

  • Conclusions

12. Appendix

  • Vulnerability Database Sources (for 2015)
  • List of Publications Cited in This Report
  • Legal Disclaimer

13. The Frost & Sullivan Story

  • The Frost & Sullivan Story
  • Value Proposition: Future of Your Company & Career
  • Global Perspective
  • Industry Convergence
  • 360° Research Perspective
  • Implementation Excellence
  • Our Blue Ocean Strategy
Back to Top
ÀüÈ­ ¹®ÀÇ
F A Q