Most Extensive Real-World Vulnerability Research

Apr 23, 2009, 21:07 (0 Talkback[s])

[ Thanks to An Anonymous Reader for this link. ]

"The Laws 2.0 reveals vulnerability half-life, prevalence, persistence and exploitation trends for five critical industry segments including Finance, Healthcare, Retail, Manufacturing and Services. These trends were drawn from a statistical analysis of more than 680 million vulnerabilities out of which 72 million vulnerabilities are critical, generated by 80 million scans during 2008.

"The Laws derived from this research are:

"1. Half-Life - The half-life of critical vulnerabilities remained at 30 days across all industries. Comparing individual industries, the Service industry has the shortest half-life of 21 days, Finance ranked second with 23 days, Retail ranked third with 24 days and Manufacturing ranked last with a vulnerability half-life of 51 days.

"2. Prevalence - Sixty percent of the most prevalent and critical vulnerabilities are being replaced by new vulnerabilities on an annual basis. This number has increased from the 2004 research where it was 50 percent. The top stragglers according to Laws 2.0 are MSFT Office, Windows 2003 SP2, Adobe Acrobat and Sun Java Plug-in."

Complete Story

Related Stories:

• Weekly Ten (4-20-2009): Web Herpes, Hackers Wanted, 20 Greatest Sci-Fi Movies(Apr 21, 2009)
• Vulnerabilities in Linux allow root privileges(Apr 16, 2009)
• New Attack Sneaks Rootkits Into Linux Kernel(Apr 16, 2009)
• Multiple holes in MIT Kerberos(Apr 09, 2009)
• PWN2OWN: What's a Vulnerability Worth?(Mar 19, 2009)
• Database Security(Mar 19, 2009)
• Risk report: Four years of Red Hat Enterprise Linux 4(Mar 11, 2009)
• Adobe Flash gets patch for critical flaw(Feb 26, 2009)
• Attack on SSL Users Discovered, Tool Sources Released(Feb 26, 2009)
• Secure Firefox With Seven Key Add-Ons(Feb 24, 2009)
• How to write a Linux virus in 5 easy steps(Feb 11, 2009)