Critical bugs surge in reduced flaw haul

Less is more scary

The number of software vulnerabilities discovered last year dropped after several years of growth.

But although the absolute number of software bugs unearthed last year slipped by 5.4 per cent compared to 2006, the number of high-priority vulnerabilities increased by 28 per cent, according to a preliminary analysis of bugs by the X-Force group in IBM's ISS security division. By comparison, the volume of vulnerabilities discovered in the previous two years increased by 41 per cent year-on-year.

"2005 and 2006 saw large spikes in vulnerability growth (approximately 41 per cent each year) that were well above the X-Force Database historical average (27 per cent a year). The drop [in 2007] could represent an anomaly, a statistical correction or a new trend in the amount of disclosures," X-Force researchers note.

X-Force researchers reckon the increased percentage of high-impact vulns among the smaller sample may be due to researchers focusing on finding more difficult, high-priority bugs.

Although X-Force's findings are open to different interpretations, they do fall in line with findings from Microsoft published last October, which looked at the first half of 2007. The software giant noted a drop in the number of vulnerabilities in the first half of 2007 along with a rise in the prevalence of critical flaws among that reduced number. Microsoft's analysis - based on data from the National Vulnerability Database - found a five per cent drop in vulnerability numbers in 1H07, to around 3,600 bugs for the first six months of last year. ®
