La empresa Microsoft ha publicado su reporte llamado "Security Intelligence Report" correspondiente al primer semestre de 2007. A continuación los principales hallzgos del documento que pueden encontrar en: http://www.microsoft.com/security/portal/sir.aspx
Por cierto, estos reportes de "seguridad" centrados en código malicioso y vulnerabilidades tal vez responde a una necesidad de Microsoft de empezar a verse como una empresa de seguridad "profesional" y empujar así su producto antivirus que hasta el momento no es visto como un producto competitivo, aunque esto seguro cambiará pronto.
Otra nota: no sé qué tan "precisos" puedan ser estos hallazgos, viniendo del más grande fabricante de sistemas operativos con bastantes críticas a su seguridad, tal vez algunos resultados podrían estar "orientados", por así decirlo.
1.- Disclosures of High2 severity vulnerabilities across the industry continue to increase, while the growth of Low and Medium severity issues appears to be slowing.
2.- A decreasing percentage of vulnerability disclosures are being reported for operating systems. One possible interpretation is that security researchers are focusing more on applications as operating systems' security continues to improve. Additionally, the number of new applications is growing faster than the number of new operating systems, so the application proliferation may be helping to drive this vulnerability disclosure trend.
3.- While the number of vulnerabilities continues to increase, the ratio of exploit code available for these vulnerabilities remains steady and is even on a slight decline.
4.- In a product-by-product comparison, new products appear to be at less risk to publicly available exploit code than products that have been in the market longer.
5.- Trojans represented the largest number of variants that were collected during 1H07.
6.- Social engineering plays an increasing role in today's malware distribution. Social engineering attacks are on the rise.
No hay comentarios:
Publicar un comentario