Published: 2008-11-05
Microsoft released its Security Intelligence Report this week, finding, among other trends, that reports of vulnerabilities have continued to drop as more researchers and hackers focus on finding issues in applications, not operating systems.
The report, which sifts through data that the software giant collected in the first six months of 2008, found that the total number of vulnerabilities disclosed by researchers and hackers leveled off in late 2006 and early 2007, then fell in the last six months of 2007 and continued to fall in the first half of 2008. However, while the overall number of reported vulnerabilities decreased, the number of high-severity issues jumped in the first half of 2008 compared to the prior six months.
"While a 19 percent general decrease in disclosures from a year ago is generally considered good news, it can't be considered 'good' for the industry when more than 15 new software vulnerabilities, on average, continued to be disclosed each day," Microsoft said in the report. "At these levels, the need for software risk management programs continues to be high."
The latest report is Microsoft's fifth edition of the Security Intelligence Report. The fourth edition of the report, released in April, found that the amount of malicious software removed by Microsoft's tools jumped 40 percent in the last half of 2007, an increase seen in the latest report as well, where the total amount of unwanted and malicious software jumped 43 percent.
The latest report shows that researchers have found far fewer flaws in operating systems than in the past. More than 90 percent of flaws affected applications, the company said.
E-mail attacks showed another major trend: Two file types -- .html and .zip -- accounted for almost 98 percent of all blocked -- and presumed malicious -- e-mail attachments, the company said.
Posted by: Robert Lemos
