Security vulnerabilities reached record levels in the first half of 2010, according to a report from IBM. The company's X-Force 2010 Mid-Year Trend and Risk Report documented more than 4,396 new vulnerabilities so far this year, an increase of 36 percent over the same period in 2009.
According to the report, 55 percent of these vulnerabilities "had no vendor-supplied patch at the end of the period." Web-application vulnerabilities are cited as the most frequent threat, with more than half of all reported issues involving this area. But the report said even that assessment could be underestimated, since it doesn't include custom-built web applications.
IBM's X-Force team said it started to see "widespread use of PDF-based exploits" in the first half of this year, and now three of the top five browser exploits involve PDFs. In April, IBM detected nearly 37 percent more activity than average in this area. The good news, says the report, is that more organizations are doing more about security, and that this is "having positive effects on the industry by driving more collaboration to identify and eliminate vulnerabilities before cybercriminals can exploit them."
In addition, the report notes that as organizations move to cloud-based computing, they should review the security requirements of the workloads to be hosted before reviewing service providers.