By Stefan Frei
I am pleased to share with you Secunia's Half Year Report for 2011 which identifies the evolution of important global trends in end-point security, software, and the entire security ecosystem. The findings are based on data extracted from the Secunia Vulnerability Intelligence Database.
We have split the report into two sections – each with their own unique focus areas.
The first part of the report focuses on the evolving threat of software portfolios typically found in organisations. The second section of this report presents global vulnerability data from the last five years and documents trends on a year-to-year basis as of June 2011.
Key findings include:
- Cybercriminals are bypassing traditional perimeter defences by means of the automated mass production of attack variants – thereby initiating an arms race with defenders.
- Security patches are found to be an effective means to escape the arms race, as they remediate the root cause of compromise.
- The analysis reveals that timely patching of the software portfolio of any organisation is like chasing a continually moving target.
- A comparison of different patching strategies under the assumption of limited resources demonstrates that an intelligent patching strategy is an effective approach for reducing vulnerability risks.
- Research shows that for the majority of vulnerabilities there are patches available on the day of disclosure. While 0-days still represent a significant threat, we actually have the power to neutralise a larger part of the risk than what is commonly perceived.
You can download the Secunia Half Year Report here.
I hope you enjoy reading it.
Research Analyst Director