Security Watch: Flaws Exploited Faster - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
3/22/2004
03:42 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Security Watch: Flaws Exploited Faster

The only good news in last week's report from security vendor Symantec Corp. is that the rate at which Internet vulnerabilities were being found leveled off at seven per day in the last six months of 2003. The bad news is that now those flaws are being exploited much more quickly.

A concern of security pros is the time from when a vulnerability is disclosed publicly--often by software makers, who publish patches at the same time--and when writers of worms or viruses write malicious code to exploit it. "We looked at the life cycle from vulnerability to attack, and we could see that the speed is consistently getting faster and faster," says Vincent Weafer, senior director of Symantec Security Response. Weafer compares the three weeks it took for the Blaster worm to emerge last August to the three days that elapsed between the recent leak of Microsoft source code and an attack based on that code. The compressed time leaves businesses increasingly vulnerable, since days or months can pass before typical companies deploy patches.

Compounding the problem is the fact that blended threats, such as viruses that install backdoors for hackers after successful infections, are on the rise. They tend to be more sophisticated and damaging. Blended threats make up more than half of the top 10 malicious-code submissions Symantec received in the latter half of 2003. Of the top 50 submissions, backdoor-capable code increased 123%.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll