Software Vulnerabilities in 2006 Outnumber Those of 2005
Modern society depends heavily on computer systems and the Internet for communication, business and other uses. But it is highly exposed to software vulnerabilities that can let hackers slip past security measures.
'Internet Security System' (ISS) is a world-renowned X-Force security research and development group that actively researches Internet and network security to uncover flaws in software programs.
Gunter Ollmann, 'director of the X-Force research team' at ISS, estimates the number of vulnerabilities through September 2006 at 5,300, surpassing the total of 5,195 for 2005. Of these 5,300 vulnerabilities, 87.6 percent could be exploited remotely; 10.8 percent from the local host; and 1.6 percent from both remote and local sources.
871 vulnerabilities affected Microsoft operating systems, while 701 affected Unix operating systems. As many as 3,219 crossed platform boundaries to affect all of them, including Linux. Thus, most of the vulnerabilities are Linux-based, as Linux has so many versions.
ISS rates vulnerabilities as critical, high, medium and low. It rated 0.4 percent of the vulnerabilities recorded in 2006 as critical; 16.4 percent as high; 63 percent as medium; and 20 percent as low.
Of the vulnerabilities in 2006 so far, the largest single categories of flaw were 'cross-site scripting' at 14.5 percent; 'SQL injection' at 10.9 percent; 'buffer overflows' at 10.8 percent; and 'Web directory path traversal' at 3 percent. The only favorable development, according to ISS, is the 8 percent decrease in critical and high-risk vulnerabilities from 2005.
Vulnerabilities in IT result from incorrect and insecure configurations. Security organizations continue to point to "default installation settings" as a primary source of vulnerability for companies around the world. Therefore, customers can go a long way toward securing their environment through "secure out of the box" installations and by getting advice on the risks that arise from deviating from such initial settings.
» SPAMfighter News - 16-10-2006