SANS: Rising numbers of zero-day vulnerabilities

TippingPoint and Qualys, two security companies, have been involved in a study named “The Top Cyber Security Risks”, which revealed that more than half of all cyber attacks target applications and websites. The report is based on information collected from March to August 2009 from customers using the intrusion prevention systems and network monitoring solutions of both companies.

According to the report, the number of vulnerabilities discovered in applications exceeds the number discovered in operating systems. Bugs in Adobe PDF Reader, QuickTime, Adobe Flash, Microsoft Office and other popular Web browsers are frequently used to spread malicious code over the internet.

Over the same period, the study revealed that organizations take twice as long to update network applications as they do to update operating systems, even though operating systems have fewer vulnerabilities. However, no widespread operating system worms were detected apart from Conficker.

One of the most serious network threats in the report is that some major software companies are not focusing on providing fixes for several zero-day vulnerabilities. As a result, some bugs have remained unpatched for more than two years.

It is a very interesting study; you can find more details about it here.
