Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security

Security

Lesser Security Flaws in 2007, but Critical

Decrease for the first time in years

By Vlad Constandes, SEO News Editor

12th of February 2008, 18:36 GMT

Adjust text size:


Societe Generale was the biggest loser in the game
Enlarge picture
There's some good news and some bad news, according to the annual X-Force report released by Internet Security Systems, a part of IBM Corp. The good news is that there have been lesser recorded security flaws in 2007, only 6,437, compared to the previous year, a decrease of 5.4 percent. The bad news is that web security overall hasn't been improved. That just means that the same attacks have been going through lesser holes, at a higher rate.

Of course, the emergence of a black market
that will pay up to $100,000 to hackers, in order to find such security flaws just so they get the first chance to exploit it, as The Associated Press reports, is not a very soothing thought. It did lead to lesser minor vulnerabilities being discovered (everybody must have gone for the big bone that brought home the big money) and that might be the reason for the missing percentages.

Chris Rouland, ISS's chief technology officer, thought that "it is profitable not to (publicly) report a vulnerability," according to the cited source. The train of thought is that security companies are buying information on the flaws of their own products, so that they can patch them without anyone ever taking notice. Moral aspect aside, that's a pretty good technique to keep a spotless reputation.

That's not all the bad news there is. ISS' report also found that the critical security holes jumped 28 percent in 2007, or at least the discovered ones. This must also be an effect of the black market I mentioned earlier, as these would be the proverbial bone in the example.

The best example of such a security flaw is the recent Societe Generale French bank that lost some $7 billion because of a rogue employee made some unauthorized trades after exploiting only a couple of vulnerabilities. Ouch!

TAGS:

 security | vulnerability | critical | ISS | report


Rating:
Fair (2.5/5) 4 vote(s) so far    

Read by 0 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Al-Qaeda Security Updated

Google's Postini Offers Protection for Microsoft

Europe, the Best Place to Get Spam from

Kaspersky Warns Against Dial-Up Trojans

Moroccan Prince's Identity Stolen on Facebook

Spammers Take a Break

Hacked Antivirus Site Delivers Virus

Google Wins "Crimes Against Humanity" Lawsuit

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive