A changing landscape
Rohyt Belani, 2005-09-07

In 2004, I came across an empirical study published by the CERT/CC that indicated a diminishing correlation between the number of vendor-issued vulnerabilities and the number of reported security incidents. In the years prior to 2002, the number of reported security breaches had always been proportional to the number of vendor-published vulnerabilities. That corollary made sense, since attacks and worms followed vulnerabilities. However, in 2003 and beyond this was no longer the case. The number of incidents rose dramatically as compared to the number of published vulnerabilities.

A changing landscape 2005-09-07
Anonymous (1 replies)
Re: A changing landscape 2005-09-07
Anonymous (1 replies)
Re: Re: A changing landscape 2005-09-22
Anonymous
A changing landscape 2005-09-07
Anonymous
A changing landscape 2005-09-08
Anonymous
A changing landscape 2005-09-09
Griggs
A changing landscape 2005-09-09
Augusto P Barros
changing our point of view 2005-09-12
Alexey Vesnin (1 replies)
Re: changing our point of view 2005-09-15
Anonymous (2 replies)
Re: Re: changing our point of view 2005-09-20
Alexey Vesnin
Re: Re: changing our point of view 2005-09-29
eMZe
Yes, it is expensive, if you use it only in ONE place. It (or any comparable product) is LIFE SAVING in systems where you have to manage hundreds of devices or use hundreds of logins on webs, shells, etc. Web banking: It can be forged, of course, since it relies on some browser data that can be caught (spectrum is server-configuration dependent); but if you require extra login to process a transaction, risk is really minimized.

Copyright 2008, SecurityFocus