
Vulnerabilities - more statistics - better

The Computer Emergency Response Team (CERT) Coordination Center published a report containing statistics on the vulnerabilities identified in 2006. The CERT group collects these statistics from public sources and from reports sent in by users. A total of 8064 vulnerabilities were identified, which is 35% more than in 2005.

Other “collectors” also recorded a significant increase in the number of vulnerabilities: data from the Vulnerability Database, the Open-Source Vulnerability Database and the Symantec Vulnerability Database show an increase of 20-35%.

According to Art Manion, a representative of CERT, the jump in the statistics is primarily due to the appearance of a sufficient number of high-quality services and programs that make it easy to identify the “weak points” in software. User communities, which are quite active in reporting various security problems, also make a tangible contribution.

A simple search using Google Code Search helps professionals and advanced users identify potential vulnerabilities. “A large number of reports on possible vulnerabilities were received by specialists from companies specializing in software security issues from users who used this search engine,” says Stephen Christie, editor of the CVE Project. In this regard, he also notes the active use of grep, a utility for Unix systems.

The increase in the number of vulnerabilities does not mean that the Internet has become much more dangerous for users compared to 2005. For example, many of the web applications in which vulnerabilities were discovered are created and used by relatively small communities rather than by large players in the network market. At the same time, applications written in PHP occupy a particularly “honorable” place in the statistical reports: the share of these applications in the list of “unprotected” is 43%. PHP is used not only by small network projects but also by large companies like Yahoo and Google.

The share of vulnerabilities found in operating systems decreased in 2006, especially against the background of the dominance of web applications in this area. However, this does not mean that the security of particular operating systems has increased. “Malicious applications are still trying to attack systems, they are just now less likely to exploit OS kernel vulnerabilities for this,” said Oliver Fredricks, director of security for Symantec.

Source: https://habr.com/ru/post/4983/

