Vulnerability disclosure hits record levels
By Tom Brewster
Vulnerability disclosures reached record levels in the first half of 2010, with most security holes lacking vendor patches, a report has shown.
In total, IBM’s X-Force Research and Development team recorded 4,396 new vulnerabilities over the first six months of 2010, representing a 36 per cent rise over the same period in 2009.
More than half of these flaws did not have a vendor-supplied patch by the end of the period.
The spike in disclosures might be the product of some of the work happening at software companies, which are hopefully putting more effort into trying to identify threats, patch them and then inform the public, said Tom Cross, manager of the X-Force team.
“It might actually be a good sign that we’ve seen an increase in vulnerability disclosure but for us it certainly makes the days longer,” Cross said.
Steve Robinson, general manager of IBM Security Solutions, added: "This year's X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities."
Vendor differences
The X-Force team reviewed the vendors with the most disclosures and discovered Sun Microsystems had the worst patch rate for the first half of 2010, with 24 per cent of vulnerabilities unpatched by the end of that period.
Microsoft did not fare much better, with 23.2 per cent of security holes lacking a fix.
Adobe, which plugged security holes in its Reader and Acrobat software this month, had only 2.9 per cent of bugs unpatched.
Google had the worst rate when it came to vulnerabilities with critical and high ratings, with 33 per cent patchless by the end of the period. Apple was the best performer in this category with none left unpatched.
Of all disclosures of vulnerabilities in operating systems ranked critical and high, Microsoft reported more than any other major vendor.
Almost three-quarters of all such disclosures came from Microsoft, with Linux far behind in second on 16 per cent.