The annual IBM Internet Security Systems security trends report published Tuesday shows 7,427 software bugs were cataloged last year, an increase of 39.5 percent over the number of vulnerabilities identified in 2005.
IBM listed itself among the Top 10 vendors, whose products accounted for 964 of the 7,424 disclosed software vulnerabilities. According to the report, the Top 10 vendors for last year, in descending order, are: Microsoft, Oracle, Apple, Mozilla, IBM, Linux Kernal Organization, Sun, Cisco, HP and Adobe Systems.
The report says 86% of the Top 10 vendors' publicly disclosed vulnerabilities received a software patch.
The remaining balance of the 2006 vulnerabilities are ascribed to "other vendors," and 65 percent of these software flaws were patched, according the IBM ISS report.
The 39.5 percent spike in the number of vulnerabilities can be attributed to the type of tools security experts use now to evaluate software, says Gunter Ollmann, director of the X-Force research and rapid-response division within Internet Security Systems. "The use of fuzzing technology in the automated tools can find where bugs lie," Ollman says.
Automated fuzzing tools typically run scripts that are tuned to throw garbled data at an application and see how it handles it, revealing many unwanted code-execution risks. These are often cataloged as medium risks, rather than high- or low-risk.
In general, the number of vulnerabilities discovered each year has been growing since 2000, and the risks associated with those vulnerabilities have been getting worse. In the year 2000, only 43.6 percent of vulnerabilities could be remotely exploited, while in 2006, that number reached 88.4 percent, according to the report.
Spam and phishing trends also are changing.
For one, spam messages have grown in size over the last two years, increasing from an average of 6KB to 9.5KB. "This is largely due to the increased inclusion of random data designed to help spam bypass the first-generation antispam technologies, and the use of images to convey message content," the IBM ISS report states.
The report also found that spam messages are overwhelmingly sent in English, with only the languages of German, Korean, Portuguese and Russian appearing in any amount worth noting.
Geographically, IBM ISS points to South Korea (16.33 percent), Spain (14.71 percent), the United States (10.95 percent), France (9.92 percent), Brazil (6.76 percent), Israel (6.41 percent), Germany (5.27 percent), Italy (4.34 percent), Poland (3.28 percent) and Argentina (2.64 percent) as source countries with the greatest measured volumes of phishing e-mail transmitted.
Top phishing target countries, where the most phishing e-mail is received, are said to be the United States (71.37 percent), United Kingdom (4.96 percent), Germany (4.58 percent), Australia (2.67 percent) and Canada (2.67 percent).
The report also takes a stab at interpreting growth in unwanted content, including violence and crime, pornography, computer-related crime and drug-dealing sites. In terms of Web sites, the U.S. tops the list in every category and accounts for more than 50 percent in each case, according to the IBM ISS report.
When it comes to the most frequently seen malware, the Downloader Trojan turned up the most in 2006, according to IBM ISS.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
Enterprise Wireless WLAN Security
Learn more about the security challenges to be faced when defining and implementing security mechanisms within diverse wired and wireless network environments. Download this must-read guide to plan your wireless data protection strategy now.
Buying Guides
Latest Products
