July 26, 2010

Secunia Half-Year Report 2010

I usually try to avoid reposting information from others, but Secunia has a great security report that has some down-to-earth information relevant to every computer user:

Among the interesting statistics:

  • A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.
  • In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010 to 760.
  • During the first six months of 2010, 380 vulnerabilities had already been reached, or 89% of the figure for all of 2009.
  • A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.
  • A Windows end user can patch 35% of vulnerabilities with one tool from Microsoft, but requires another 13 to patch most of the rest.

Also, in terms of the raw number of vulnerabilities, Apple has shot past Microsoft and Oracle to claim the #1 spot. However, this doesn't take into account how severe the vulnerabilities are or how quickly a patch is released.

Red Flags and the Value of Experience

One of the things I hear often said, and something I subscribe to as well, is the idea that a lot of technical knowledge in the world of IT ...