Vulnerability disclosure hits record levels
More vulnerability disclosures were made in the first half of 2010 than ever before for such a period, according to IBM research.


Vulnerability disclosures reached record levels in the first half of 2010, with most security holes lacking vendor patches, a report has shown.
In total, IBM's X-Force Research and Development team recorded 4,396 new vulnerabilities over the first six months of 2010, representing a 36 per cent rise over the same period in 2009.
More than half of these flaws did not have a vendor-supplied patch by the end of the period.
The spike in disclosures might be the product of some of the work happening at software companies, which are hopefully putting more effort into trying to identify threats, patch them and then inform the public, said Tom Cross, manager of the X-Force team.
"It might actually be a good sign that we've seen an increase in vulnerability disclosure but for us it certainly makes the days longer," Cross said.
Steve Robinson, general manager of IBM Security Solutions, added: "This year's X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities."
Vendor differences
The X-Force team reviewed the vendors with the most disclosures and discovered Sun Microsystems had the worst patch rate for the first half of 2010, with 24 per cent of vulnerabilities unpatched by the end of that period.
Microsoft did not fare much better, with 23.2 per cent of security holes lacking a fix.
Adobe, which plugged security holes in its Reader and Acrobat software this month, only had 2.9 per cent of bugs unpatched.
Google had the worst rate when it came to vulnerabilities with critical and high ratings, with 33 per cent patchless by the end of the period. Apple was the best performer in this category with none left unpatched.
Of all disclosures of vulnerabilities in operating systems ranked critical and high, Microsoft reported more than any other major vendor.
Almost three-quarters of all such disclosures came from Microsoft, with Linux far behind in second on 16 per cent.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.