Software vulnerabilities spiked 39 percent in 2006

Microsoft, Oracle, Apple head the list of vendors whose products were found to be most vulnerable in 2006

The annual IBM Internet Security Systems security trends report published Tuesday shows 7,427 software bugs were cataloged last year, an increase of 39.5 percent over the number of vulnerabilities identified in 2005.

IBM listed itself among the Top 10 vendors, whose products accounted for 964 of the 7,424 disclosed software vulnerabilities. According to the report, the Top 10 vendors for last year, in descending order, are: Microsoft, Oracle, Apple, Mozilla, IBM, Linux Kernal Organization, Sun, Cisco, HP and Adobe Systems.

The report says 86% of the Top 10 vendors' publicly disclosed vulnerabilities received a software patch.

The remaining balance of the 2006 vulnerabilities are ascribed to "other vendors," and 65 percent of these software flaws were patched, according the IBM ISS report.

The 39.5 percent spike in the number of vulnerabilities can be attributed to the type of tools security experts use now to evaluate software, says Gunter Ollmann, director of the X-Force research and rapid-response division within Internet Security Systems. "The use of fuzzing technology in the automated tools can find where bugs lie," Ollman says.

Automated fuzzing tools typically run scripts that are tuned to throw garbled data at an application and see how it handles it, revealing many unwanted code-execution risks. These are often cataloged as medium risks, rather than high- or low-risk.

In general, the number of vulnerabilities discovered each year has been growing since 2000, and the risks associated with those vulnerabilities have been getting worse. In the year 2000, only 43.6 percent of vulnerabilities could be remotely exploited, while in 2006, that number reached 88.4 percent, according to the report.

Spam and phishing trends also are changing.

For one, spam messages have grown in size over the last two years, increasing from an average of 6KB to 9.5KB. "This is largely due to the increased inclusion of random data designed to help spam bypass the first-generation antispam technologies, and the use of images to convey message content," the IBM ISS report states.

The report also found that spam messages are overwhelmingly sent in English, with only the languages of German, Korean, Portuguese and Russian appearing in any amount worth noting.

Geographically, IBM ISS points to South Korea (16.33 percent), Spain (14.71 percent), the United States (10.95 percent), France (9.92 percent), Brazil (6.76 percent), Israel (6.41 percent), Germany (5.27 percent), Italy (4.34 percent), Poland (3.28 percent) and Argentina (2.64 percent) as source countries with the greatest measured volumes of phishing e-mail transmitted.

Top phishing target countries, where the most phishing e-mail is received, are said to be the United States (71.37 percent), United Kingdom (4.96 percent), Germany (4.58 percent), Australia (2.67 percent) and Canada (2.67 percent).

The report also takes a stab at interpreting growth in unwanted content, including violence and crime, pornography, computer-related crime and drug-dealing sites. In terms of Web sites, the U.S. tops the list in every category and accounts for more than 50 percent in each case, according to the IBM ISS report.

When it comes to the most frequently seen malware, the Downloader Trojan turned up the most in 2006, according to IBM ISS.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?