From RSA 2006: 'Tis the year to cut down vulnerabilities

By

Qualys has set a worthy goal for security companies to chase throughout 2006: cutting the half-lives of vulnerabilities by one-fifth.



Speaking at the 2006 RSA Conference in San Jose on Wednesday, Terry Ramos presented his company's "Laws of Vulnerabilities," pointing out that malicious software continues to increase.

"Malicious code continues to grow," he said, repeating the study's general findings. "New vulnerabilities are announced every week."

Seventy percent of the data for the survey was compiled from global enterprise networks, while 30 percent was taken from random trials, Ramos said. It was based on the results of 32 million network scans from the third quarter of 2002 to the same time in 2005.

Flaws are quickly taken advantage of by malicious users, Ramos added.

"Within days, there are exploits available for 80 percent of vulnerabilities. So, it is a race," he said. "Ninety percent of vulnerability exposures are caused by just 10 percent of critical vulnerabilities."

Time is also of the essence in battling planned attacks, Ramos added.

"Automated attacks create the most damage in their first 15 days," he said.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Allianz Life says majority of US customers' data stolen in hack

Allianz Life says majority of US customers' data stolen in hack

NT gov agency targeted in alleged $3.5m BEC scam

NT gov agency targeted in alleged $3.5m BEC scam

Gov to encourage vuln research, puts insurers and NFPs on notice

Gov to encourage vuln research, puts insurers and NFPs on notice

Log In

  |  Forgot your password?