Report: Sun, Microsoft and Mozilla leave the most vulnerabilities unpatched

Sun is the king of unpatched software vulnerabilities, followed closely by Microsoft and Mozilla, according to the mid-year security report by IBM’s X-Force.

Industry-wide, on average 55% of software vulnerabilities that were disclosed by vendors went unpatched by those vendors, the IBM study says. That number crept up from last year’s average of 52%.

The study lists the 10 vendors with the most disclosed vulnerabilities in the first half of 2010 and ranks them according to what percentage they leave unpatched. The ranking and the percentages are: Sun, 24%; Microsoft, 23.2%; Mozilla, 21.3%; Apple, 12.9%; IBM, 10.3%; Google, 8.6%; Linux, 8.2%; Oracle, 6.8%; Cisco, 6%; Adobe, 2.9%.

But the unpatched percentage for those companies that disclosed the most vulnerabilities seems to have spiked. Last year Microsoft was No. 1 in the percentage of unpatched vulnerabilities at 15.8% for the whole year. This year’s leader so far, Sun, weighs in at 24% for the first half, the report says.

The report notes that numbers for the entire 2010 calendar year may result in a smaller increase. “Time will tell,” it says. Web application vulnerabilities account for more than half of all vulnerabilities, the report says.

Challenges facing vendors have also increased, making patching more difficult. They are dealing with a 36% increase in the number of vulnerabilities vs. those reported for the first half of 2009, the report says. That’s a jump from 12,211 to 16,607 vulnerabilities.

Perhaps more worrisome is that the number of actual exploits has been increasing each year and the jump from 2009 to 2010 is trending toward being about 60% this year, the study says.

The report also says that as of June, spam is at an all-time high, although it didn’t quantify that. Phishing is relatively low, on a par with last year, but is poised to take an enormous spike in August, September and October if it follows trends established in 2008 and 2009.

In an update on Conficker, IBM says that an update allows the botnet code to update itself via encrypted peer-to-peer connections, making it impossible to block domains as a means of blocking updates. The new variant, called Conficker.C, lacked propagation code, so it could not be spread further by machines that became infected, IBM says.


Author: admin
