IBM-ISS: Top-ten vulnerable software vendor

As reported by the Italian edition of "The Inquirer", Gunter Ollmann, Director of Security Strategy at IBM Internet Security Systems, commented on his blog on 24 July 2007 on the results of the "X-Force 2006 Trend Statistics" report (pdf, 2.4 M, 34 pp), arguing that software produced by small companies contains more bugs than software produced by large companies such as Microsoft, IBM and Cisco. Indeed, the data in the report indicate that in 2006 the large US companies were "responsible" for only 14% of the vulnerabilities identified by security researchers (down from 20% the previous year). Ollmann's post contains many interesting observations on new security trends. The Inquirer notes, however, that cybercriminals are more interested in exploiting bugs in the most widely deployed software (that is, precisely the software of the top 10 software companies) than bugs in the software of small, little-known companies with few users.

The ranking

  • Microsoft Corporation 3.1%
  • Oracle Corporation 2.1%
  • Apple Computer, Inc. 1.9%
  • Mozilla Corporation 1.4%
  • IBM 1.2%
  • Linux Kernel Organization, Inc. 1.2%
  • Sun Microsystems, Inc. 1.0%
  • Cisco Systems, Inc. 0.9%
  • Hewlett-Packard 0.6%
  • Adobe Systems Incorporated 0.4%

Table of contents of the report

  • Management Overview
    • 2006 End-of-the-year highlights
  • Vulnerability Analysis
    • Per Annum Vulnerability Count
    • Vulnerabilities Per Month
    • Vulnerabilities Per Week
    • Vulnerabilities By Day of the Week
    • Weekday Vs. Weekend
    • Classic High/Medium/Low Vulnerability Impact Breakdown
    • Common Vulnerability Scoring System (CVSS) Breakdown
    • Top Ten Vulnerable Vendors
    • Remote vs. Local Exploitation
    • Consequences of Exploitation
  • Spam and phishing Analysis
    • From which countries does spam originate?
    • Where are the Web pages contained in spam messages hosted?
    • What is the average byte size of spam messages?
    • How much spam uses HTML?
    • How many e-mail servers did spam pass through before reaching its destination?
    • What are the most popular subject lines of spam?
    • What amount of spam exhibited a Reply-To: different from the From: message data?
    • What amount of spam had a Return-Path: different from the From: message data?
    • What is the language distribution of spam?
    • Where do phishing e-mails come from?
    • Where are Web pages contained in phishing e-mails hosted?
    • Where are phishing targets located?
    • How much phishing uses HTML?
    • How many e-mail servers was phishing passed through?
    • What is the effect of geographical distribution?
    • What is the history and future prospect of image-based spam?
    • Next Generation Spam
  • Web Content Trends
    • Current Status of Unwanted Internet Content
    • Growth of Bad Content within the Last 12 Months
    • Current Distribution of Violence and Crime-related Web Sites
    • Current Distribution of Porn and Sex-related Web Sites
    • Current Distribution of Computer Crime-related Web Sites
    • Current Distribution of Illegal Drug-related Web Sites
  • Malcode Analysis
    • Malcode Categorization
    • Malcode Categorization Trends
    • The X-Force Malware
    • Top 10 Malware Overall
    • Top 10 Backdoors
    • Top 10 Rootkits
    • Top 10 Trojans
    • Top 10 Worms
    • Top 10 Viruses
    • Top 10 Password Stealers
    • Top 10 Downloaders
    • Top 10 Mass Mailers
  • Web Browser Exploitation Trends
    • Most Popular Exploit
    • Most Notorious Exploit
    • Obfuscation and Encryption
    • Delivery Mechanism Types
    • Windows-based Web Browser Wrap-up
