16 March 2011, 10:55
IBM X-Force Threat Report: correction of figures
An interesting story has unfolded around the IBM X-Force Threat Report, an analytical report that traditionally comes out twice a year and is devoted to an analysis of recent trends in information security. Among other things, it gives statistics on the number of vulnerabilities detected (about 4500 vulnerabilities were registered in their database for the first half of 2010, a record number, by the way) and on the number of patches. From these figures the authors compile a ranking of which vendors cope better with the vulnerabilities that arise.

A new report was released last week (downloading is allowed after registration, but you can try a direct link to the PDF). It is interesting for two reasons.

Firstly, the document will have to be redone. The report's authors at IBM have already said that in the coming days they will replace the PDF on the FTP server. The problem is that two companies protested against the figures published in the ranking of "holey vendors". One of these companies is Google.

In the first version of the report, Google tops the list of vendors worst at closing critical holes, with a figure of 33%. But it turned out that this figure was derived from a total of three vulnerabilities disclosed in Google services this year, one of which has not been closed, and that one, as it turned out, was not a bug but the result of terminological confusion.

Which other company besides Google filed a protest is unknown, but IBM was forced not just to fix the error but also to manually change the data for other vulnerabilities (correcting the "critical" status, the vendor attribution, and the information on patch releases). The correction of the database is reflected in many indicators.

The old version of the document remains on Scribd, so you can compare the two tables yourself (p. 20).

The table from the old report ...

... will be replaced by a new one.

Google's reputation is cleared: it now has 0% unpatched critical holes, as do Linux and Apple.

In the end it turned out, and this is the second interesting thing about the report, that after the figures were corrected IBM put itself in first place on the list of "worst patchers", if only critical vulnerabilities are considered.
Added by: w1zard