The IBM Internet Security Systems X-Force® research and development team has recently issued a white paper on Internet Security threats. Some of the key findings are
- The overall severity of vulnerabilities increased, with high and critical severity vulnerabilities up 15.3 percent and medium severity vulnerabilities up 67.5 percent.
- Similar to earlier years, nearly 92 percent of 2008 vulnerabilities can be exploited remotely.
- Of all the vulnerabilities disclosed in 2008 only 47 percent can be corrected through vendor patches. Vendors do not always go back to patch previous year’s vulnerabilities. 46 percent of vulnerabilities from 2006 and 44 percent from 2007 were still left with no available patch at the end of 2008.
- The two largest categories of vulnerabilities in 2008 are Web application at 55 percent and vulnerabilities affecting PC software at roughly 20 percent.
- For vulnerable operating systems, operating systems from Apple and the base Linux kernel have dominated the top spots for vulnerability disclosures over the past three years.