Security News > 2020 > October > Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances
Orca Security used its SideScanning technology to check virtual appliances for vulnerabilities and outdated operating systems.
The company scanned a total of more than 2,200 virtual appliances from 540 vendors in April and May, and identified over 400,000 vulnerabilities.
The virtual appliances were obtained from marketplaces associated with cloud platforms such as AWS, VMware, Google Cloud Platform, and Microsoft Azure, but Orca says these virtual appliances are in many cases the same as the ones provided directly by vendors.
Nearly a quarter of the tested vendors had virtual appliances that got an A grade and 12% got a B. However, 15% of the tested appliances got an F, including ones from CA Technologies, Software AG, Intel, Zoho, Symantec, A10 Networks, Cloudflare and Micro Focus.
"Simply because a vendor scores top marks doesn't mean all its virtual appliances are guaranteed to be risk-free. The data presented serves only as a guide, providing an idea as to how vendors approach the support and maintenance of their virtual appliances. Some scored well and deserve a measure of trust. Others have done badly, and their products should be approached with caution," Orca said in its report.