Hewlett-Packard officials are saying that the number of vulnerabilities in commercial applications is continuing to fall, dropping almost 20 percent between 2010 and 2011.
However, while the downward trend in vulnerabilities is good news, the risks involved in those vulnerabilities are growing, and cyber-attacks themselves more than doubled in the second half of the year, according to HP’s 2011 “Top Cyber-Security Risks Report,” announced April 19.
The report also outlined an evolving security landscape, including hacker motivation (hacktivist groups such as Anonymous and LulzSec use attacks in retaliation for perceived wrongs rather than for financial gain) and attack techniques, which are leading to more successful security breaches.
So the number of vulnerabilities may be falling, but “it’s not really a good indication of risk,” Jennifer Lake, security product marketing manager for HP DVLabs, told eWEEK.
According to HP’s numbers, there were 6,843 disclosed vulnerabilities in 2011, compared with 8,502 in 2010. However, that only accounts for commercially available software and not for custom-made applications, Lake said. The tech vendor gets its figures from HP DVLabs’ Zero Day program, the HP Fortify Application Security Center Web Security Research Group, data from deployed HP TippingPoint Intrusion Prevention Systems and the Open Source Vulnerability Database.