IBM Report Highlights Security Vulnerabilities Of 2008

Around half of the vulnerabilities discovered last year remained unpatched by their vendors at the year’s end, according to a report from IBM’s X-Force research group released on Monday.

Among vendors, Microsoft took the top spot for percentage of vulnerabilities disclosed last year, followed by Apple, Sun, and Joomla. Around 44 percent of vulnerabilities from 2007 and 46 percent of those from 2008 had no fix available by the end of last year.

The report also asserted that the largest share of spam messages, around 12 percent, appears to have come from Russia, followed by the US and Turkey. In addition, for the first time in history, China dethroned the US as the host of the largest number of malicious websites during the year.

The report further said that the industry should adopt a new approach to prioritising its response to disclosed software vulnerabilities, so as to determine when emergency fixing is most needed.

IBM asserts that the ‘Common Vulnerability Scoring System’ primarily focuses on the technical aspects of a vulnerability, including ease of exploitation and the potential damage it can cause, and doesn’t recognise that the prime incentive for contemporary offenders is economic.

The report further recorded a 13.5 percent rise in new vulnerabilities in 2008 compared with 2007, and almost 53 percent of the vulnerabilities discovered last year ended the year with no fixes issued.

Our Comments

It is interesting to find out how an organisation like IBM evaluates security risks, as it gives us an insight into the psyche of the corporation. The biggest worry is the fact that China, which is supposed to be protected by the "great firewall of China", has surpassed the US when it comes to the number of malicious websites being hosted.

Related Links

IBM report: Vulnerabilities still going unpatched (CNet)

IBM urges rethink on vulnerability assessments (Vnunet)

IBM Report: Threat Scores Should Give Weight to the Economics of Cyber-crime (eWeek)

2008 was year of the SQL injection attack: IBM (Network World)

Report: Businesses Failing to Protect Site Visitors From Malware Threats (Tech News World)