The other side of security data
Another day, and yet another report that warns the Internet generation that the dark elements of cyberspace are out to get them.
The reports have become a staple of an industry that's discovered that any data may be quoted by journalists eager for numbers measuring the malicious side of the Internet. In the most recent example, Internet Security Systems released its quarterly report on the risks of being connected to the Net. The highlights: Viruses and worms are up 26 percent, vulnerabilities are holding steady and companies have less time to learn about and prevent attacks.
Earlier, security firm Symantec made public similar findings in its own biannual report and stated that the time is shrinking between the public disclosure of a vulnerability and the exploitation of the flaw in an attack program.
The data, however, should be questioned. Information about vulnerabilities is very subjective: Serious vulnerabilities tend to be turned into attack programs more quickly than noncritical vulnerabilities.
[ Read more ]