CERT: Security flaw reports increasing

The number of reported computer system security flaws has increased dramatically, according to the CERT Coordination Centre

A dramatic increase in the number of reported computer system vulnerabilities has the global IT industry spooked, but the world's leading security authority said there is an upside to this threat.

Larry Rogers, a senior member of the technical staff at the US-based CERT Coordination Centre, told ZDNet Australia that for the 2001 calendar year, there were 2437 vulnerabilities reported. This compares with 1090 reported in 2000.

For the first three months of this year, 1065 had been reported, Rogers said.

What is responsible for such alarming growth in reported system vulnerabilities?

Rogers believes that there has been an increased awareness of security issues among businesses for a variety of reasons, including the 11 September terror attacks on the United States.

Threats posed by vulnerabilities have been on the radar of many businesses over recent months. Last week a Danish security research organisation warned users of a recently discovered software flaw which could leave their systems open to malicious code carried on Web pages or in emails.

There has also been an alert about a BIND vulnerability which could trigger a denial-of-service attack, and a growing number of virus warnings.

The CERT Coordination Centre, which studies Internet security vulnerabilities, handles computer security incidents and publishes security alerts, published 37 advisories during 2001, up from 26 for the previous year, Rogers said.

He said advisories were issued in response to both program vulnerabilities or configuration errors. "In some cases the person who finds it will report it to us, or we may read about it on some of the more widely known email lists," he explained. Vendors also report problems to CERT, Rogers said, which it then shares anonymously with other vendors before issuing an advisory.

According to Rogers, the vast majority of its constituency were professional system administrators, although others such as vendors also subscribe to its lists.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.