Home Business IT Security 25 Years of vulnerabilities - Linux has the most

25 Years of vulnerabilities - Linux has the most Featured

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

Researchers at Sourcefire have analysed 25 years of vulnerabilities that were reported to CVE and NVD databases and found some interesting results.

According to the report (lead author Yves Younan, Senior Research Engineer at Sourcefire):

We leveraged two well-respected data sources for our research. First, our classifications of vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) database which is used today as an international standard for vulnerability numbering or identification. The database provides 25 years of information on vulnerabilities to assess, spanning 1988 to current.

Next, we used information hosted in the National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST). We did some normalization to the data with respect to vulnerability categorization to be able to provide more complete statistics.

Not wishing to steal all of the report's thunder, we will summarise only a few of the findings, the full report is available here (free registration is required).

The following three charts (derived from the report) illustrate the fact that the raw numbers of detected vulnerabilities peaked in around 2006 / 07 and have since declined to pre-2005 levels (the jury is still out on whether 2012 is an outlier or the start of a new trend).

 

Figure1: Total Vulnerabilities by Year

 

Figure2: High Severity Vulnerabilities by Year

 

Figure3: High Severity Vulnerabilities as a percentage of Total by Year

When the report turned its attention to the actual vulnerabilities independently of the products, it found that Cross-Site Scripting (XSS) vulnerabilities were very high in frequency, however, when the analysis was tightened to show only critical errors, this category almost completely vanished, instead, buffer overflows became the force to be reckoned with. "we believe it is now safe to declare the buffer overflow the vulnerability of the quarter-century."

 

Figure 4: Critical Vulnerabilities as a percentage by type

It would also appear that researchers (and 'hackers') appear to have a "flavour of the year" when it comes to discovered and reported issues.

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

Connect