Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security

01:06 PM
Connect Directly
RSS
E-Mail
50%
50%

IBM Software Vulnerabilities Spiked In 2013

Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.

Did the number of vulnerabilities reported in IBM products jump by 400% from 2012 to 2013?

That finding comes from a new study, released Wednesday by vulnerability management security firm Secunia at the RSA conference, of the top types of software vulnerabilities facing enterprise networks. That information is crucial for helping IT administrators prioritize which applications and operating systems to patch first.

Overall, Secunia received reports on 13,073 new vulnerabilities in software products in 2013 -- comprising 2,289 products from 539 different vendors -- and said 16.3% of the bugs were rated "highly critical," meaning they can be used to remotely exploit systems. Finally, 0.4% of the vulnerabilities rated as "extremely critical," meaning bugs that could remotely exploit systems and which were also being actively targeted by in-the-wild attacks.

From 2012 to 2013, the total number of vulnerabilities seen by Secunia increased by 32%. Secunia officials said the spike largely stemmed from vulnerabilities reported in IBM products jumping from 772 bugs in 2012 to 4,181 bugs in 2013. Of those, 74% could be used to attack a remote network, 20% a local network, and 7% a local system.

Asked to comment on Secunia's findings, IBM offered a different set of statistics, based on counting any given vulnerability, even if present in more than one of its products, only once. "It's important that these vulnerabilities are measured accurately," said IBM spokeswoman Nicole Trager via email. "IBM reports unique vulnerabilities -- each unique vulnerability could affect more than one IBM product."

... Read the full story on Information Week Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014. View Full Bio

Register for Wall Street & Technology Newsletters
Video