ISS: Vulnerability counts fall in 2007; Do you buy it?

IBM's Internet Security Systems is previewing its X-Force report and disclosed a notable factoid: Vulnerability disclosures fell 5.4 percent in 2007 relative to 2006.

Here's the data in a chart as disclosed in the ISS blog:

[Chart: iss.png]

Feel safer yet? You shouldn't.

ISS says that the decline is a statistical anomaly because the growth in vulnerabilities was large in 2005 and 2006. The 2007 decline could be just a statistical correction in an uptrend. ISS also notes that "although there was a decrease in overall vulnerabilities, high-priority vulnerabilities increased by 28 percent. Researchers could simply be focusing on the sometimes more difficult, high-priority finds."

I reckon that ISS' explanations are off on all counts. Vulnerabilities aren't down--disclosure is down. So where are these vulnerabilities going? Here are three not-so-comforting possibilities:

  • Hackers are selling vulnerabilities instead of disclosing them;
  • Hackers are banking vulnerabilities for later;
  • Or these vulnerabilities aren't disclosed and are quietly patched. If a vulnerability is never disclosed and is patched on the fly, would you ever notice?

In any case, there's a lot happening under this surface data. Unfortunately, it'll take a few more years to see where the vulnerability trends lie.

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...