HP sees 8,000 software vulnerabilities in 2012 as threats escalate

26 Feb 2013

HP has reported that the number of software vulnerabilities disclosed in 2012 topped 8,000, a near 20 percent increase on the previous year.

According to HP's 2012 Cyber Risk Report, the majority of disclosures were rated as posing a "mid-level" threat for businesses, with web applications highlighted as a significant risk.

The report's authors said that understanding the risks present is key to controlling future cyber attacks. HP chief technology officer of enterprise security Jacob West told V3 that, as attacks become more advanced, using intelligence is essential to handling a firm's security.

"Attackers are constantly evolving their techniques to evade even the most sophisticated security tools," West said.

"Security intelligence is essential to help organisations understand their security posture and risk profile, determine how to prioritise that risk, and link security with IT operations."

HP's Cyber Risk Report found that 2012 disclosure levels were the highest since 2006.

Of the vulnerabilities disclosed in 2012, 44 percent were found to be of mid-level severity. Another 36 percent were reported to be of high-level severity. Just 20 percent of vulnerabilities disclosed were regarded as low-level risks.

"Even when armed with the right security intelligence, organisations must still focus on understanding and controlling risk rather than 'winning' the battle against attackers," continued West.

"Threats are a given, managing their impact to acceptable levels is the challenge enterprises must address."

A key area for last year's security concerns was the use of web applications. Web-based apps were found to cause six major types of vulnerabilities in 2012.

SQL injection, cross-site scripting, denial of service, buffer overflow, cross-site request forgery, and remote file vulnerabilities were found to be the most frequent vulnerabilities disclosed.

HP found that cross-site scripting vulnerabilities were the most common issue last year. The firm reported that 45 percent of the vulnerabilities it found were based on cross-site scripting.

Insufficient transport layer protection was the second most common weakness reported by HP, with a 26 percent rate.

HP's 2012 Cyber Risk Report is part of an annual study released by the firm. Statistics for the report are gathered in a joint effort with HP Security Research, HP TippingPoint, and HP Fortify on Demand.

James Dohnert
About

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club, CachedTech.com, and Shonen Jump magazine. He studied Journalism at Weber State University.
