This strikes me as largely meaningless, bordering on good news. More
bugs found = more bugs fixed = more secure software.

I don't really think you can compare the numbers from 2001 and 2006
though. There's way more people looking for bugs now than there were
in 2001. Maybe there were more bugs around in 2001 as secure coding
practices still weren't well known, and security was nowhere as
mainstream as it is now, so your average developer was less aware of
secure coding practices and techniques.

Also, nowadays people rush to disclose vulnerabilities, no matter how
minor they may be. There were plenty of vulnerabilities discovered in
2001 that weren't publicly disclosed, and some that probably still
remain undisclosed.

I would be interested to see what conclusions you can actually draw
from these figures (really).

On 1/23/07, Kenneth Van Wyk <[EMAIL PROTECTED]> wrote:
>
> FYI, CERT/CC reported 8064 software vulnerabilities in 2006, for a 35%
> increase over 2005.
>
> See
> http://www.theregister.co.uk/2007/01/21/2006_vulns_tally/
>
> The article further states, "The greatest factor in the skyrocketing number
> of vulnerabilities is that certain types of flaws in community and
> commercial Web applications have become much easier to find, said Art
> Manion, vulnerability team lead for the CERT Coordination Center.
>
> 'The best we can figure, most of the growth is due to fairly
> easy-to-discover vulnerabilities in Web applications,' Manion said. 'They
> are easy to find, easy to create, and easy to deploy.'"
>
> Cheers,
>
> Ken
> -----
> Kenneth R. van Wyk
> SC-L Moderator
> KRvW Associates, LLC
> http://www.KRvW.com
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> List charter available at -
> http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________