Secunia

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Secunia
Type Privately held company
Founded 2002
Headquarters

Denmark

Copenhagen, Denmark
Area served Worldwide
Products Corporate Software Inspector
Personal Software Inspector
Online Software Inspector
Vulnerability Intelligence Manager
Website secunia.com

Secunia is an international IT security company specialising in vulnerability management based in Copenhagen, Denmark.

Secunia is known in the industry for its work on zero-day attack vulnerabilities and the creation of patch systems that encompass several software vendors.

Numbers of "unpatched" vulnerabilities in popular applications are frequently quoted in software comparisons.[1] Secunia has gained publicity and a notable reputation with the discovery of major zero day attack vulnerabilities in Internet Explorer and other widely used programs.[2]

History[edit]

Founders[edit]

Niels Henrik Rasmussen, Thomas Kristensen, Michael H Zaman, Thomas Pill, and Jakob Balle founded Secunia in 2002, on a budget of $26,000. Their focus was the development of applications to address vulnerabilities in software and operating systems.[citation needed]

Timeline[edit]

In its first year of trading, Secunia recouped its start-up costs and by 2004 had an annual revenue of 15 million DKK. Secunia was voted one of the “Best 3 Start Up Companies in Denmark during 2000-2005” by Connect Denmark in 2005[[:Category:{{{1}}}|{{{1}}}]] and gained endorsement from Gartner Group as one of the top five information sources on security intelligence.[citation needed]

In 2007, the company moved to Hammerensgade, Copenhagen. Here, research continued on the Personal Software Inspector (PSI) - an application for identifying security vulnerabilities across Windows systems. CNet voted PSI one of the six best new Windows programmes for its ability to detect out-of-date software and source updates.[3]

Development on the PSI continued with the company’s 2009 move to Weidekampsgade, and Secunia also released the Computer Software Inspector (CSI), a related product for the corporate market. Partnerships were forged with the Portuguese CERT and the German Heise, and the service was extended across Europe.[citation needed]

The Danish Private Equity Fund, Dansk Kapitalanlæg, acquired 31% of Secunia in 2010 after Secunia earned seven years of double-digit revenue[4] With this investment, Secunia spread into the North American market, where it began work with US states and local governments to address their cyber security, as well as significantly penetrated the personal and corporate markets. For this, it was awarded the 2011 Sullivan [Frost & Sullivan Award for Market Penetration.[5]

Secunia launched its Vulnerability Coordination Reward Programme (SVCRP) in 2011, offering incentives to researchers who identified potential security vulnerabilities]. In doing so, it followed in the footsteps of Google Chrome and Barracuda Networks, pioneers of this rewards scheme system.[6]

In 2012, Secunia formed a new partnership with the Center for Internet Security, Multi-State Information Sharing and Analysis Center (MS-ISAC) division, the cyber security focal point for US state, local, territorial, and tribal (SLTT) governments. The collaboration between Secunia and the MS-ISAC provides (SLTT) governments was designed to provide solutions for enhancing their vulnerability and patch management efforts, enabling them to further strengthen their defences against the increasingly complex cyber security challenges they face.[citation needed]

Today,[when?] Secunia is headquartered in Islands Brygge, Copenhagen, where it employs a workforce of 130.[citation needed]

Products[edit]

CSI[edit]

Secunia’s Corporate Security Inspector (CSI) was launched in 2008 to address the issue of Cyber-Vulnerability due to out-of-date software in the corporate market. Originally applicable only to Microsoft WSUS/SCCM, it expanded in 2011 to cover Apple products. It covers the key aspects of the patch management life cycle and integrates with network patch deployment tools.[citation needed]

VIM[edit]

The Vulnerability Intelligence Manager (VIM) is a tool that sends alerts to software administrators as an early warning system for possible security breaches. It was launched in 2011.[citation needed]

PSI[edit]

The Personal Software Inspector (PSI) is a freeware programme for online security. It scans the user’s computer to detect out-of-date programmes and pairs them with available updates in the Secunia database. Originally, the PSI provided users with links to updates, but newer versions automatically patch the various software without any input from the user. The PSI was the first software to allow PC users to perform this function.[7]

Version 3.0 of PSI launched at the 2012 RSA Conference in San Francisco.[8]

Events[edit]

RSA[edit]

In February 2012, Secunia attended the RSA Conference for internet security. The theme of the conference was “The Great Cipher Mightier Than the Sword”, referencing the use of cryptography in 17th century battles.[9]

InfoSecurity Europe[edit]

At the 2011 Infosecurity Europe event in London’s Earl’s Court Hall, Secunia lectured on end-point security and discussed vulnerabilities where perimeter protection fails. The event attracted over 10,000 visitors.

Membership[edit]

Information Security Forum (ISF)[edit]

The Information Security Forum is an independent, not-for-profit association of security experts worldwide. They meet to share knowledge and experience in order to develop the best practice methodologies for information security. Secunia joined in 2011.

Online Trust Alliance (OTA)[edit]

Secunia serves on the steering committee of OTA, an alliance that aims to “create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence, and the protection of businesses and consumers.”

The Open Group[edit]

The Open Group is a global consortium that uses information technology in order to achieve business aims. Secunia is a member and Stefan Frei spoke at its 2011 conference in London.

The Open Group's mission statement is to drive “Boundaryless Information Flow” [10] - a vision of an enterprise infrastructure where multiple sources of information are able to flow instantly to wherever they are required.

Financial Services Information Sharing and Analysis Center (FS-ISAC)[edit]

Secunia is an affiliate of FS-ISAC - a group set up by the financial services sector to share information relating to security vulnerabilities that could threaten U.S. Critical Infrastructure. The U.S. Department of the Treasury, Office of the Comptroller of the Currency (OCC), The U.S Department of Homeland Security (DHS), U.S. Secret Service, and Financial Services Sector Coordinating Council all recommend membership of FS-ISAC.

References[edit]

External links[edit]