Network World
Software vulnerabilities spiked 39% in 2006

By Ellen Messmer , Network World , 01/30/2007

The annual IBM Internet Security Systems (ISS) security trends report, published Tuesday, shows that 7,427 software vulnerabilities were cataloged in 2006, an increase of 39.5% over the number identified in 2005.

IBM listed itself among the Top 10 vendors, whose products accounted for 964 of the vulnerabilities disclosed during the year. According to the report, the Top 10 vendors for 2006, in descending order, are: Microsoft, Oracle, Apple, Mozilla, IBM, Linux Kernel Organization, Sun, Cisco, HP and Adobe Systems.

The report says 86% of the Top 10 vendors’ publicly disclosed vulnerabilities received a software patch.

The remaining 2006 vulnerabilities are ascribed to "other vendors," and only 65% of those flaws were patched, according to the IBM ISS report.

The 39.5% spike in the number of vulnerabilities can be attributed to the type of tools security experts now use to evaluate software, says Gunter Ollmann, director of security strategy at IBM Internet Security Systems. "The use of fuzzing technology in the automated tools can find where bugs lie," Ollmann says.

Automated fuzzing tools typically run scripts that feed malformed or randomly mutated data to an application and observe how it handles that input, turning up many unintended code-execution risks. Such findings are often cataloged as medium risks rather than as high or low risk.
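To make the mechanism concrete, here is a small mutation fuzzer in Python, added as an illustration and not code from the IBM ISS report or from Network World. The record format, the two parsers and the checksum are all constructed for this example. The "vulnerable" parser trusts the length byte the way an unchecked C parser would, so an overstated length reads past the buffer (an IndexError here, an out-of-bounds read in native code); the fixed parser validates the length before indexing. The fuzzer treats the parser's own ValueError rejections as expected and counts anything else as a crash.

```python
import random
from typing import Callable, Dict

# Record layout (constructed for this example):
#   tag (1 byte) | length (1 byte) | payload (length bytes) | checksum (2 bytes, big-endian)


def checksum16(data: bytes) -> int:
    """Simple 16-bit additive checksum, constructed for the example."""
    return sum(data) & 0xFFFF


def parse_record_vulnerable(buf: bytes) -> dict:
    """Trusts the length byte. If it overstates the payload, the checksum index
    runs past the end of the buffer: an IndexError here, an out-of-bounds read
    in C. The fuzzer below counts that as a crash."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    tag, length = buf[0], buf[1]
    payload = buf[2:2 + length]
    expected = (buf[2 + length] << 8) | buf[3 + length]  # no bounds check
    if checksum16(payload) != expected:
        raise ValueError("bad checksum")
    return {"tag": tag, "payload": payload}


def parse_record_fixed(buf: bytes) -> dict:
    """Same format, but checks that the declared length fits before indexing."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    tag, length = buf[0], buf[1]
    if len(buf) != 2 + length + 2:
        raise ValueError("length field does not match buffer size")
    payload = buf[2:2 + length]
    expected = int.from_bytes(buf[2 + length:4 + length], "big")
    if checksum16(payload) != expected:
        raise ValueError("bad checksum")
    return {"tag": tag, "payload": payload}


def build_seed(tag: int, payload: bytes) -> bytes:
    """Build one well-formed record to mutate from."""
    return bytes([tag, len(payload)]) + payload + checksum16(payload).to_bytes(2, "big")


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, truncation or insertion."""
    b = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and b:
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and b:
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif choice == 2 and len(b) > 1:
        del b[rng.randrange(len(b)):]
    else:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    return bytes(b)


def fuzz(target: Callable[[bytes], dict], seed: bytes,
         iterations: int, rng_seed: int = 1) -> Dict[str, int]:
    """Feed mutated inputs to target. ValueError is the parser's own rejection
    path and is expected; any other exception is a crash, counted by type."""
    rng = random.Random(rng_seed)
    crashes: Dict[str, int] = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:  # the bugs the fuzzer exists to find
            name = type(exc).__name__
            crashes[name] = crashes.get(name, 0) + 1
    return crashes


if __name__ == "__main__":
    seed = build_seed(0x01, b"hello")
    print("vulnerable:", fuzz(parse_record_vulnerable, seed, 500))
    print("fixed:     ", fuzz(parse_record_fixed, seed, 500))
```

Running this shows the unchecked parser crashing on a large share of mutated inputs while the bounds-checked version only ever rejects them, which is the difference a fuzzing campaign surfaces: the bug was always there, the tool just generates the length values a human tester never tried.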

In general, the number of vulnerabilities discovered each year has been growing since 2000, and the risk associated with them has been getting worse. In 2000, only 43.6% of vulnerabilities could be exploited remotely; in 2006, that figure reached 88.4%, according to the report.

Spam and phishing trends also are changing.

For one, spam messages have grown in size over the last two years, increasing from an average of 6KB to 9.5KB. “This is largely due to the increased inclusion of random data designed to help spam bypass the first-generation antispam technologies, and the use of images to convey message content,” the IBM ISS report states.

The report also found that spam is overwhelmingly sent in English, with only German, Korean, Portuguese and Russian appearing in any volume worth noting.

Geographically, IBM ISS points to South Korea (16.33%), Spain (14.71%), the United States (10.95%), France (9.92%), Brazil (6.76%), Israel (6.41%), Germany (5.27%), Italy (4.34%), Poland (3.28%) and Argentina (2.64%) as source countries with the greatest measured volumes of phishing e-mail transmitted.
