IBM-ISS: Top-ten vulnerable software vendor

As reported by the Italian edition of "The Inquirer", Gunter Ollmann, Director of Security Strategy at IBM Internet Security Systems, commented on his blog on 24 July 2007 on the findings of the "X-Force 2006 Trend Statistics" research (pdf, 2.4 M, 34 pp), arguing that software produced by small companies contains more errors than software produced by large companies such as Microsoft, IBM and Cisco. The data in the research indicate that the large US companies were "responsible" in 2006 for only 14% of the vulnerabilities identified by security researchers (down from 20% the previous year). Ollmann's post contains numerous interesting observations on new trends in security. The Inquirer notes, however, that cybercriminals are more interested in exploiting bugs in the most widely deployed software (that is, precisely the software of the top 10 software companies) than bugs in the products of small, little-known and little-used companies.

The ranking

  • Microsoft Corporation 3.1%
  • Oracle Corporation 2.1%
  • Apple Computer, Inc. 1.9%
  • Mozilla Corporation 1.4%
  • IBM 1.2%
  • Linux Kernel Organization, Inc. 1.2%
  • Sun Microsystems, Inc. 1.0%
  • Cisco Systems, Inc. 0.9%
  • Hewlett-Packard 0.6%
  • Adobe Systems Incorporated 0.4%

Document table of contents

  • Management Overview
    • 2006 End-of-the-year highlights
  • Vulnerability Analysis
    • Per Annum Vulnerability Count
    • Vulnerabilities Per Month
    • Vulnerabilities Per Week
    • Vulnerabilities By Day of the Week
    • Weekday Vs. Weekend
    • Classic High/Medium/Low Vulnerability Impact Breakdown
    • Common Vulnerability Scoring System (CVSS) Breakdown
    • Top Ten Vulnerable Vendors
    • Remote vs. Local Exploitation
    • Consequences of Exploitation
  • Spam and phishing Analysis
    • From which countries does spam originate?
    • Where are the Web pages contained in spam messages hosted?
    • What is the average byte size of spam messages?
    • How much spam uses HTML?
    • How many e-mail servers did spam pass through before reaching its destination?
    • What are the most popular subject lines of spam?
    • What amount of spam exhibited a Reply-To: different from the From: message data?
    • What amount of spam had a Return-Path: different from the From: message data?
    • What is the language distribution of spam?
    • Where do phishing e-mails come from?
    • Where are Web pages contained in phishing e-mails hosted?
    • Where are phishing targets located?
    • How much phishing uses HTML?
    • How many e-mail servers was phishing passed through?
    • What is the effect of geographical distribution?
    • What is the history and future prospect of image-based spam?
    • Next Generation Spam
  • Web Content Trends
    • Current Status of Unwanted Internet Content
    • Growth of Bad Content within the Last 12 Months
    • Current Distribution of Violence and Crime-related Web Sites
    • Current Distribution of Porn and Sex-related Web Sites
    • Current Distribution of Computer Crime-related Web Sites
    • Current Distribution of Illegal Drug-related Web Sites
  • Malcode Analysis
    • Malcode Categorization
    • Malcode Categorization Trends
    • The X-Force Malware
    • Top 10 Malware Overall
    • Top 10 Backdoors
    • Top 10 Rootkits
    • Top 10 Trojans
    • Top 10 Worms
    • Top 10 Viruses
    • Top 10 Password Stealers
    • Top 10 Downloaders
    • Top 10 Mass Mailers
  • Web Browser Exploitation Trends
    • Most Popular Exploit
    • Most Notorious Exploit
    • Obfuscation and Encryption
    • Delivery Mechanism Types
    • Windows-based Web Browser Wrap-up
