02 Feb 2009
The security industry needs to reprioritise its response to disclosed software vulnerabilities in order to determine more effectively when emergency patching is most needed, according to the latest annual security trends report from IBM.
The 2008 X-Force Trends and Risk report found that a number of critical vulnerabilities disclosed in 2008 did not actually see widespread exploitation in the field.
IBM argues that the current Common Vulnerability Scoring System focuses on the technical aspects of a vulnerability, such as severity and ease of exploitation, and does not acknowledge that the main motivation for online criminals today is economic.
"We realise that cyber criminals are motivated by money, and we need to fully consider how attackers balance the economic opportunity of a vulnerability against the costs of exploitation," said Kris Lamb, senior operations manager of X-Force research and development for IBM Internet Security Systems.
"If the security industry can better understand the motivations of computer criminals we can be more precise about determining when widespread exploitation of a vulnerability will take a long time to emerge, and when it is unlikely to ever emerge. This analysis could result in more efficient use of time and resources."
The report also found a 13.5 per cent increase in newly discovered vulnerabilities last year compared to 2007, and that 53 per cent of all vulnerabilities disclosed during 2008 ended the year with no vendor patches issued.
In related news, a new wave of botnet activity has driven spam volumes back up to the levels seen before the McColo shutdown, according to new figures from managed security service provider MessageLabs.
"With botnets now responsible for as much as 80 per cent of all spam, the likelihood is that the increase in spam volumes in the last few days can be attributed to a new wave of activity from the Mega-D and Xarvester [botnets]," said Paul Wood, MessageLabs intelligence analyst at Symantec.
"As the botnet community becomes even more crowded, 2009 could be the year when spam levels reach an all-time high."