Software security vulnerabilities to grow

By | January 30, 2007

Security research company, Internet Security Systems, anticipates a continued rise in profit-motivated attacks, including an increased focus on the Web browser and image-based spam.

According to the 2006 security statistics report, there were 7247 new vulnerabilities, which equals to an average of 20 new vulnerabilities per day. Over 88 percent of 2006 vulnerabilities could be exploited remotely.

ISS predicts that attacks on the Web browser will continue as a result of the “exploit as a service” industry. The sale of exploit material is becoming even more organized and is increasingly taking the shape of the channel sales model used by legitimate corporate entities. In terms of spam, ISS predicts that new forms of image-based spam will be developed to evade protection solutions. In terms of protection, ISS points that new methods are being used by attackers to avoid detection by commercial security solutions.

In 2007, the report estimates a continue rise in the total number of vulnerabilities, largely due to the release of new operating systems. While the new operating systems include more security functions than previous version, their sheer complexity will likely introduce new vulnerabilities.

Leave a Reply