Original URL: http://www.theregister.co.uk/2005/07/28/sans_top_20/
Hackers look outside Windows for flaws
SANS Top 20 highlights backup risks
Posted in Security, 28th July 2005 15:08 GMT
Security vulnerabilities are on the rise, with a 10.8 percent increase over the previous quarter, according to a study from the SANS Institute. There were 422 new vulnerabilities in the second quarter of 2005, compared with the 381 reported in Q1 2005.
SANS highlights a growing number of vulnerabilities in popular back-up products from Symantec/Veritas and Computer Associates as an unwelcome trend. Meanwhile consumers face risk from new vulnerabilities in iTunes and RealPlayer, along with a seemingly endless stream of browser vulnerabilities. The full SANS report (featuring a list of the top 20 newly discovered security vulnerabilities) can be found here [1].
"We are seeing a trend to exploit not only the Windows, but other vendor programs that are installed on potentially large number of systems," says Rohit Dhamankar, a research manager in 3Com's TippingPoint security appliance division. "These include backup software, management software, licensing software etc. Flaws in these programs put critical resources at risk as well as having a potential to compromise the entire enterprise."
Security firm Qualys has released a free network scanning service (here [2]) to help companies find and eliminate vulnerabilities listed in the SANS Top 20 update. ®
Related stories
SANS revises Top 20 security vulns list [3]
Red Hat holes less severe than Windows - study [4]
Three critical fixes in MS July security update [5]
3Com puts a bounty on vulns [6]
Browser bugs sprout eternal [7]
Links
- [1] http://www.sans.org/top20/q2-2005update/detail.php
- [2] https://sans20.qualys.com
- [3] http://www.theregister.co.uk/2005/05/03/sans_top_20/
- [4] http://www.theregister.co.uk/2005/07/27/red_hat_security/
- [5] http://www.theregister.co.uk/2005/07/13/ms_july_patch_batch/
- [6] http://www.theregister.co.uk/2005/07/25/3com_vuln_bounty/
- [7] http://www.theregister.co.uk/2005/04/06/browser_bugfest/
