Secunia

Secunia

Type	Privately held company
Founded	2002
Headquarters	Copenhagen, Denmark Denmark
Area served	Worldwide
Products	Corporate Software Inspector Personal Software Inspector Online Software Inspector Vulnerability Intelligence Manager

Secunia is an international IT security company specialising in vulnerability management based in Copenhagen, Denmark.

Based in Copenhagen, it is known in the industry for its work on zero-day attack vulnerabilities and the creation of patch systems that encompass several software vendors.

Numbers of "unpatched" vulnerabilities in popular applications are frequently quoted in software comparisons.^[1] Secunia has gained publicity and a notable reputation with the discovery of major zero day attack vulnerabilities in Internet Explorer and other widely used programs.^[2]

1 History
- 1.1 Founders
- 1.2 Timeline
2 Products
- 2.1 CSI
- 2.2 VIM
- 2.3 PSI
3 Events
- 3.1 RSA
- 3.2 InfoSecurity Europe
4 Membership
5 References
6 External links

History

Founders

Secunia was founded in 2002 by Niels Henrik Rasmussen, Thomas Kristensen, Michael H Zaman, Thomas Pill and Jakob Balle, on a budget of $26,000. Their focus was the development of applications to address vulnerabilities in software and operating systems.

Timeline

In its first year of trading, Secunia recouped its start-up costs and by 2004 had an annual revenue of 15 million DKK. Secunia was voted one of the “Best 3 Start Up Companies in Denmark during 2000-2005” by Connect Denmark in 2005 and gained endorsement from Gartner as one of the top five information sources on security intelligence.

In 2007, the company moved to Hammerensgade, Copenhagen. Here, research continued on the Personal Software Inspector (PSI) - an application for identifying security vulnerabilities across Windows systems. PSI was voted by Download as one of the six best new Windows programmes for its ability to detect out-of-date software and source updates.

Development on the PSI continued with the company’s 2009 move to Weidekampsgade, while the CSI was also released - a related product for the corporate market. Partnerships were forged with the Portuguese CERT and the German Heise, and the service was extended across Europe.

The Danish Private Equity Fund, Dansk Kapitalanlæg, acquired 31% of Secunia in 2010 after seven years of double-digit revenue growth. With this investment, Secunia spread into the North American market, where it began work with US states and local governments to address their cyber-security, as well as significantly penetrating the personal and corporate markets. For this, it was awarded the 2011 Sullivan Frost & Sullivan Award for Market Penetration.</ref>

Secunia launched its Vulnerability Coordination Reward Programme (SVCRP) in 2011, offering incentives to researchers who identified potential security vulnerabilities. In doing so, it followed in the footsteps of Google Chrome and Barracuda Networks, pioneers of this rewards scheme system.

In 2012 Secunia formed a new partnership with the Center for Internet Security, Multi-State Information Sharing and Analysis Center (MS-ISAC) division, the cyber security focal point for US state, local, territorial and tribal (SLTT) governments. The collaboration between Secunia and the MS-ISAC provides (SLTT) governments with solutions for enhancing their vulnerability and patch management efforts, enabling them to further strengthen their defences against the increasingly complex cyber security challenges they face.

Today, Secunia is headquartered in Islands Brygge, Copenhagen, where it employs a workforce of 130.

Products

CSI

Secunia’s Corporate Security Inspector (CSI) was launched in 2008 to address the issue of Cyber-Vulnerability due to out-of-date software in the corporate market. Originally applicable only to Microsoft WSUS/SCCM, it expanded in 2011 to cover Apple products. It covers the key aspects of the patch management life cycle and integrates with network patch deployment tools to deploy the patches.

VIM

The Vulnerability Intelligence Manager (VIM) is a tool that sends alerts to software administrators as an early warning system for possible security breaches. It was launched in 2011.

PSI

The Personal Software Inspector (PSI) is a freeware programme for online security. It scans the user’s computer to detect out-of-date programmes and pairs them with available updates in the Secunia database. Originally, the PSI provided users with links to updates, but newer versions automatically patch the various software without any input from the user. The PSI was the first software to allow PC users to perform this function.

Version 3.0 of PSI launched at the 2012 RSA Conference in San Francisco.

Events

RSA

In February 2012, Secunia attended the RSA Conference for internet security. The theme of the conference was “The Great Cipher Mightier Than the Sword”, referencing the use of cryptography in 17th century battles.

InfoSecurity Europe

At the 2011 Infosecurity Europe event in London’s Earl’s Court Hall, Secunia lectured on end-point security and discussed vulnerabilities where perimeter protection fails. The event attracted over 10,000 visitors.

Membership

Information Security Forum (ISF)

The Information Security Forum is an independent, not-for-profit association of security experts worldwide. They meet to share knowledge and experience in order to develop the best practice methodologies for information security. Secunia joined in 2011.

Online Trust Alliance (OTA)

Secunia serves on the steering committee of OTA, an alliance that aims to “create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence, and the protection of businesses and consumers.”

The Open Group

The Open Group is a global consortium that uses information technology in order to achieve business aims. Secunia is a member and Stefan Frei spoke at its 2011 conference in London. The Open Group's mission statement is “Boundaryless Information Flow” - a vision of an enterprise infrastructure where multiple sources of information are able to flow instantly to wherever they are required.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Secunia is an affiliate of FS-ISAC - a group set up by the financial services sector to share information relating to security vulnerabilities that could threaten U.S. Critical Infrastructure. The U.S. Department of the Treasury, Office of the Comptroller of the Currency (OCC), The U.S Department of Homeland Security (DHS), U.S. Secret Service, and Financial Services Sector Coordinating Council all recommend membership of FS-ISAC.

References

^ For example:
"Mac OS X security myth exposed. And thousands of other products and OSes given security rundown.". 2004-06-24. Retrieved 2010-03-07.
"Secunia: Average insecure program per PC rate remains high". 2009-06-25. Retrieved 2010-03-07.
^ Naraine, Ryan (2006-05-01). "Internet Explorer Security Problems Multiply". eWEEK. Retrieved 2006-06-04.

External links

Secunia website
Secunia PSI website
Lists of advisories by product Lists of known unpatched vulnerabilities

Contents