"Half of All Virtual Appliances Have Outdated Software and Serious Vulnerabilities"
A new study by Orca Security, a cloud security company, found cases of poor security flaw patching and software component updating for virtual appliances among many software vendors. Orca Security's scan of more than 2,200 virtual appliance images from 540 vendors detected over 400,000 vulnerabilities. These images were being distributed via the public marketplaces of VMware, Amazon Web Services (AWS), Google Cloud Platform, and other common cloud platforms. The number of vulnerabilities discovered per virtual appliance stem from infrequent updates to the appliance. Orca Security's recommended steps for reducing security risks associated with virtual appliances involve asset management, the use of vulnerability management tools, the identification of the most severe vulnerabilities to prioritize actions, and more. This article continues to discuss key findings from Orca Security's study on the state of virtual appliance security, the mixed response from vendors to these findings, and how the security of virtual appliances can be improved.