Secure Coding mailing list archives
Vulnerability tallies surged in 2006 | The Register
From: peter.werner at gmail.com (pete werner)
Date: Wed, 24 Jan 2007 13:56:49 +1100
This strikes me as largely meaningless, bordering on good news. More bugs found = more bugs fixed = more secure software.

I don't really think you can compare the numbers from 2001 and 2006 though. There's way more people looking for bugs now than there were in 2001. Maybe there were more bugs around in 2001 as secure coding practices still weren't well known, and security was nowhere as mainstream as it is now, so your average developer was less aware of secure coding practices and techniques. Also, nowadays people rush to disclose vulnerabilities, no matter how minor they may be. There were plenty of vulnerabilities discovered in 2001 that weren't publicly disclosed, and some that probably still remain undisclosed.

I would be interested to see what conclusions you can actually draw from these figures (really).

On 1/23/07, Kenneth Van Wyk <ken at krvw.com> wrote:
> FYI, CERT/CC reported 8064 software vulnerabilities in 2006, for a 35% increase over 2005. See http://www.theregister.co.uk/2007/01/21/2006_vulns_tally/
>
> The article further states, "The greatest factor in the skyrocketing number of vulnerabilities is that certain types of flaws in community and commercial Web applications have become much easier to find, said Art Manion, vulnerability team lead for the CERT Coordination Center. 'The best we can figure, most of the growth is due to fairly easy-to-discover vulnerabilities in Web applications,' Manion said. 'They are easy to find, easy to create, and easy to deploy.'"
>
> Cheers,
>
> Ken
>
> -----
> Kenneth R. van Wyk
> SC-L Moderator
> KRvW Associates, LLC
> http://www.KRvW.com
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
> _______________________________________________
Current thread:
- Vulnerability tallies surged in 2006 | The Register Kenneth Van Wyk (Jan 22)
- Vulnerability tallies surged in 2006 | The Register Benjamin Tomhave (Jan 22)
- Vulnerability tallies surged in 2006 | The Register Wall, Kevin (Jan 22)
- Vulnerability tallies surged in 2006 | The Register pete werner (Jan 23)
- Vulnerability tallies surged in 2006 | The Register Dinis Cruz (Jan 24)
- Vulnerability tallies surged in 2006 | The Register Benjamin Tomhave (Jan 22)