
Report on global IT and network vulnerabilities.

Research And Markets : 02 August, 2007  (New Product)
Report highlights industry trends and reactions to IT and network vulnerabilities from perspective of both users and suppliers of protection technology.
Research and Markets has announced the addition of the Frost & Sullivan report "Q1 2007 World Vulnerability Research Markets" to their offering.
The Frost & Sullivan research titled Q1-2007 World Vulnerability Research Markets examines the entire vulnerability research market including educational, corporate, and individual participants, providing in-depth analysis and insightful perspectives.

Network and communication technology is the backbone of business all over the world and yet the value of such systems is largely underestimated until they come under attack. Past attacks have shown that the consequences of inadequate protection can be dire, often resulting in the loss of billions of dollars in revenues over the years. Malicious researchers have realized the monetary value of unpatched security vulnerabilities and are racing to find new vulnerabilities.

Consequently, there is now a very real demand for the vulnerability information essential to preventing such attacks. Accordingly, companies that have aligned their business strategy have gained a strong competitive advantage and are emerging as leaders in the world market for vulnerability research.

Interestingly, vulnerability compensation programs have reignited a great deal of debate in recent months. This was sparked primarily by the CanSecWest contest in which TippingPoint paid a researcher for the discovery of a zero-day exploit. 'While supporters claim that compensation programs facilitate the exchange of information between independent researchers and software vendors, critics assert that vulnerability compensation programs create an environment that promotes a mercenary attitude amongst researchers, thereby harming the market as a whole,' notes the analyst of this research service. 'TippingPoint and iDefense are the best known vulnerability compensation programs, and both claim to deal only with reputable sources and act in a responsible manner.'

Quite significantly, there is a huge difference between the number of critical vulnerabilities reported and the number of low- or medium-rated vulnerabilities, strengthening the idea that there is more prestige associated with reporting a critical vulnerability. This is dangerous, as there is a trend in exploitation where hackers are combining less critical vulnerabilities to gain access to a network. Simultaneously, the number of vulnerabilities reported by software vendors is shrinking. Frost & Sullivan believes that this shows that software vendors are likely to develop a patch, but not report the vulnerability to the computer emergency response team (CERT). However, this may also suggest a lack of product testing by software vendors.

With regard to operating systems, Microsoft is the largest target for hackers because it still boasts the most prevalent operating systems (more than 90 percent of desktops and 35 percent of servers). Due to this, Microsoft is affected by the highest number of vulnerabilities, twice as many as Apple. Linux systems were a close second in this regard. Among Web browsers, IE and Opera both have strictly critical vulnerabilities, while Firefox has a more even spread of low, medium, and high risk vulnerabilities. Individual researchers are responsible for the majority of the disclosed vulnerabilities in Mozilla products. 'Overall, TippingPoint is currently on track to disclose far more vulnerabilities than last year, with more than twice as many disclosures as Q1 of 2006,' says the analyst. 'Likewise, VeriSign, Secunia, IBM Internet Security Systems, and McAfee are also on pace to disclose more vulnerabilities than last year.'