Security vulnerabilities reached record levels in the first half of 2010, according to a report from IBM. The company's X-Force 2010 Mid-Year Trend and Risk Report documented more than 4,396 new vulnerabilities so far this year, an increase of 36 percent over the same period in 2009.
According to the report, 55 percent of these vulnerabilities "had no vendor-supplied patch at the end of the period." Web-application vulnerabilities are cited as the most frequent threat, with more than half of all reported issues involving this area. But the report said even that assessment could be underestimated, since it doesn't include custom-built web applications.
IBM's X-Force team said it started to see "widespread use of PDF-based exploits" in the first half of this year, and now three of the top five browser exploits involve PDFs. In April, IBM detected nearly 37 percent more activity than average in this area. The good news, says the report, is that more organizations are doing more about security, and that this is "having positive effects on the industry by driving more collaboration to identify and eliminate vulnerabilities before cybercriminals can exploit them."
In addition, the report notes that as organizations move to cloud-based computing, they should review the security requirements of the workloads to be hosted before reviewing service providers.
Did you enjoy this article? Click here to subscribe to Security Magazine.
Led by CEO Al Grasso, The MITRE Corporation is paving the way to practical solutions for critical challenges in the U.S. while helping to foster talent, innovation and security for future generations. Learn more about this organization’s methods and mentorship in the October issue. Other topics in the October issue include profiles on the Port of Los Angeles and Seattle Children’s Hospital, 4K video surveillance tips and technology, security career advice and more.