Original URL: http://www.theregister.co.uk/2005/07/28/sans_top_20/
Hackers look outside Windows for flaws
SANS Top 20 highlights backup risks
Posted in Enterprise Security, 28th July 2005 15:08 GMT
Security vulnerabilities are on the rise, with a 10.8 percent increase over the last quarter, according to a study from the SANS Institute. There were 422 new vulnerabilities in the second quarter of 2005, compared to the 381 reported in Q1 2005.
SANS highlights a growing number of vulnerabilities in popular back-up products from Symantec/Veritas and Computer Associates as an unwelcome trend. Meanwhile consumers face risk from new vulnerabilities in iTunes and RealPlayer, along with a seemingly endless stream of browser vulnerabilities. The full SANS report (featuring a list of the top 20 newly discovered security vulnerabilities) can be found here (http://www.sans.org/top20/q2-2005update/detail.php).
"We are seeing a trend to exploit not only Windows, but other vendor programs that are installed on a potentially large number of systems," says Rohit Dhamankar, a research manager in 3Com's TippingPoint security appliance division. "These include backup software, management software, licensing software etc. Flaws in these programs put critical resources at risk as well as having a potential to compromise the entire enterprise."
Security firm Qualys has released a free network scanning service (https://sans20.qualys.com) to help companies find and eliminate vulnerabilities listed in the SANS Top 20 update. ®
