2010 smashes vulnerability records

by Iain Thomson

25 Aug 2010

Vulnerability disclosures reached record levels in the first half of 2010, according to the latest report from IBM’s X-Force security team.

The team’s mid-year trend and risk report documented 4,396 disclosed software vulnerabilities in the first six months of the year, a 35 per cent increase on 2009. This was attributed to software vendors disclosing more data and the increased number of security researchers now focused on finding flaws in code.

“Throughout the software industry people have got the message about computer security and are doing more to identify vulnerabilities and as a consequence we are seeing more,” Tom Cross, manager at X-Force, told V3.co.uk.

“So, paradoxically, code is actually getting more safe, but on the other side we’re seeing more exploits.”

Of the 2010 disclosures by all software companies, over half still have no patch available, rising to 71 per cent for critical or high-ranking vulnerabilities. In the latter case, Google is the worst offender, with 33 per cent of these important flaws still unpatched.

However, taking all flaws into account, Sun is the worst offender, with 24 per cent of vulnerabilities unpatched.

For the first time in the report’s history, web application vulnerabilities have reached 50 per cent of all code flaws reported. However, the report found that the number of problems related to ActiveX has fallen sharply, something Cross attributed to efforts by Microsoft and others to sort out the issues with the controls.

As for operating system vulnerabilities, Microsoft had the lion’s share of critical flaws disclosed so far this year, with Linux, Apple and HP-UX all seeing significant falls. However, if all types of vulnerability are taken into account, Apple has had the worst year so far, with Linux following closely behind.

On the spam front, volumes have continued to grow rapidly and now stand at their highest level ever. However, in some good news, spammers have been forced to change tactics by government action in China.
