LAS VEGAS. Few people have ever found as many bugs in Adobe’s Flash as Google Project Zero security researcher Natalie Silvanovich. In a session at the Black Hat USA conference here Silvanovich detailed the year in Flash bugs and what a year it has been.
In December of 2015 over 79 bugs were found and even more flaws found in the first six months of this year. That said. Silvanovich emphasized that it’s now harder than ever before for security researcher to actually find flaws in Flash.
“I used to find a bug a day in Flash, now it’s more like one a week,” Silvanovich said.
She added that while some bug classes are drying up,other are taking their place. Flash mitigations are now making it more difficult to exploit bugs, especially low-quality bugs.
The timing however isn’t favorable for Flash as all major browser vendor have announced plans to deprecated Flash support in the coming year. Once that happens Silvanovich expect that she’ll at some point have to move on to a new area of security research.
“Personally i think the next thing will be browsers so that’s what i’ll look at next,” Silvanovich said.
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist