You also are not taking into account the number of vulnerabilities that are
discovered by security consultants under NDA which are never published.
I have lost the count on the number of vulnerabilities (at the time
zero-days) that I have discovered in commercial software and were never
Benjamin Tomhave wrote...
This is completely unsurprising. Apparently nobody told the agile
dev community that they still need to follow all the secure coding
practices preached at the traditional dev folks for eons. XSS,
redirects, and SQL injection attacks are not revolutionary, are not
FYI, CERT/CC reported 8064 software vulnerabilities in 2006, for a
35% increase over 2005.
See http://www.theregister.co.uk/2007/01/21/2006_vulns_tally/
The article further states, The greatest factor in the skyrocketing
number of vulnerabilities is that certain types of flaws in community
Roosevelt
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kenneth Van Wyk
Sent: Monday, January 22, 2007 1:24 PM
To: Secure Coding
Subject: [SC-L] Vulnerability tallies surged in 2006 | The Register
FYI, CERT/CC reported 8064 software vulnerabilities in 2006, for a 35