Security Blog: Vulnerabilities: What's Wrong With This Picture?
January 18, 2007

Vulnerabilities: What's Wrong With This Picture?

So are we starting to figure out how this security stuff works? Well, apparently not, at least according to a recent report by the Computer Emergency Response Team (CERT). In fact, says CERT, the number of reported vulnerabilities in 2006 is up 35 percent over 2005.

According to CERT, the total number of vulnerabilities logged by the organization last year was 8064, an increase of 35 percent. These numbers were in line with other major flaw databases -- the National Vulnerability Database, the Open Source Vulnerability Database, and the Symantec Vulnerability Database -- all of which recorded increases ranging from 20 to 35 percent in 2006 over 2005.

So where are all these vulnerabilities coming from? Applications written in languages such as PHP accounted for 43 percent of the total vulnerabilities. And according to Art Manion, CERT vulnerability team lead, the biggest issue is the number of vulnerabilities in Web applications. "The best we can figure, most of the growth is due to fairly easy-to-discover vulnerabilities in Web applications," Manion said. "They are easy to find, easy to create, and easy to deploy."

The bottom line is that it seems we're making it easier -- not harder -- for the bad guys to go about their nefarious business.

Posted by Jon Erickson at 06:11 AM