Cyber risk report 2013

IRCRE201403160

Date: 2014-03-02

 

The HP 2013 Cyber Risk Report is an annual collaboration among groups within HP Enterprise Security Products.

This section of the report uses data from the National Vulnerability Database (NVD) and the HP Zero Day Initiative (ZDI).

Finding 1: Total number of software vulnerabilities reported holds steady

The total number of new vulnerabilities reported through November 2013 (4704) decreased by roughly 6% from those disclosed in the same period for 2012 (5012). However, total numbers reported increased over 2010 and 2011 statistics.


The total number of disclosed vulnerabilities as reported by HP’s ZDI demonstrates a fairly consistent trend.


Finding 2: High-severity vulnerabilities are decreasing

Vulnerability severity is based on the CVSS scoring system, which is designed to provide an open and standardized method for rating IT vulnerabilities. Not all vulnerabilities have equal impact, so each one is assigned a numeric score on a scale of 0 to 10. Vulnerabilities of the highest severity are scored in the range of 7 to 10; medium severity at 4 to 6.9; and the lowest severity at 0 to 3.9. The number of vulnerabilities classified as “high severity” as reported by NVD has slowly declined since 2010.


ZDI top products

Java continues to place within the top five product submissions forwarded to the ZDI program by researchers. External researchers are shifting their focus toward client-side vulnerabilities, and thus toward IE and Java. Looking at total surface area, it comes as no surprise that Internet Explorer is the number one targeted product for vulnerabilities in 2013. Web browser vulnerabilities overall more than doubled in 2013.


 
Resource:
Cyber risk report 2013
 
