Microsoft is failing to confront an increased number of critical vulnerabilities in its software
Microsoft patched 36 critical holes in its products in the first five months of 2006

Microsoft faces critical vulnerability boom

Critical security holes up 70 per cent, but too early to draw any conclusions

Tom Sanders in California

Microsoft is failing to confront an increased number of critical vulnerabilities in its software, according to data collected by security vendor McAfee

The software giant patched 36 critical holes in its products in the first five months of 2006, marking a 70 per cent increase over the same period last year. 

Advertisement

Microsoft insisted in an emailed statement to vnunet.com that it does not believe the increase signals an upward trend. 

"There is no real significance to be placed in such a small sample set as January-June 2005 and January-June 2006," the firm said.

Microsoft added that it aims to reduce the number of vulnerabilities in its software, and has succeeded in several of its products including Windows Server 2003 and SQL Server 2005.

The company dismissed speculation that bug bounty programmes from security vendors like iDefense and TippingPoint play a part in the increased number of flaws found in Microsoft products.

IDefense organises quarterly challenges in which bug hunters can earn $10,000 if they report a critical vulnerability. The company targeted Microsoft products in the first quarter of this year. A contest going after databases is to conclude at the end of this month.

The iDefense contest resulted in the largest number of bug submissions in the history of the programme, a spokesman for iDefense told vnunet.com, three of which were patched by Microsoft last week.

The company paid the $10,000 bounty to the individual who found a critical flaw in the ART image file format.

IDefense agreed with Microsoft, however, maintaining that it is too early to draw any conclusions about the significance of the increase in security bugs in Microsoft software.

TippingPoint and iDefense are the only known commercial security vendors offering money for information about unpatched security vulnerabilities.

But it is believed that there is a large underground market for such information in which criminals, government spying agencies and corporate espionage groups bid against each other for zero-day exploits.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

Social networking

Summit: How businesses should manage their brands online

In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies

RIM discusses new developer tools

Blackberry exec on the latest offerings for programmers

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Alcatel-Lucent logo

Summit: Networks swamped by information overload

Alcatel-Lucent's Neal Tilley talks about how enterprises and carriers can...

EU flag

Breach notification laws get green light

Privacy rights strengthened in Europe

Richard Thomas

Summit: Richard Thomas advises on handling the data deluge

Former Information Commissioner speaks out on government databases and data...

oracle sun

War of words escalates between EU and Oracle

Commission comes out fighting after criticism from Oracle and Washington

Primary Navigation