Major security reports routinely paint a sombre picture of the state of Internet security. Based on your experience, do you expect things to be better in the next 5-10 years?
If you look at our very latest IBM Full Year X-Force 2011 Trend and Risk Report you will note that despite the many challenges, throughout the report, we have also observed some positive trends and improvements.
The total number of reported web application vulnerabilities is lower than we’ve seen since 2005 and X-Force is seeing a significant decline in the number of true exploits that have been publicly released. When exploit code is released on the Internet it can provide an easy means for attackers to target vulnerabilities. In the past few years, exploit code was released for about 15 percent of the vulnerabilities that were publicly disclosed.
This year that number has dropped to 11 percent. The frequency of exploit code releases targeting web browsers as well as document readers and editors was down to levels not seen in over four years. Publicly disclosed vulnerabilities were also more likely to have patches than ever before. The percentage of unpatched vulnerabilities was down to 36 percent from 43 percent last year.
Throughout 2011 security teams were repeatedly challenged to do better.
Many were challenged to improve processes, technology, to educate employees and customers on safe practices, and to raise security intelligence by increasing visibility into the security posture of the business. IBM believes the way to help clients get ahead of security threats is to connect our analytics and intelligence capabilities across an organization for better prediction and detection. IBM made a big move by acquiring Q1 Labs in October 2011 and creating the new Security Systems division.
Continued news on how we’re advancing our security intelligence platform shows how seriously we’re addressing the market. With awareness comes action and change. It is our hope to make change. With this in mind we expect things to improve as awareness of the issues rises and the approaches, tools and techniques improve and clearly the significant investment we make in research will also help.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.