From the ‘beware the web’ files:
With RSA coming, it’s that time of year again when security trend reports start popping up. Today, application security vendor Cenzic published their Q3-Q4 trends report, which has some interesting findings.
Overall, the number of vulnerabilities continues to rise, led by web-based vulnerabilities — and oh yeah, Microsoft’s IE had more issues, but Mozilla Firefox isn’t all that far behind.
Cenzic reported that IE accounted for 43 percent of all reported web browser vulnerabilities in the second half of 2008. Mozilla’s Firefox followed closely at 39 percent, while Apple Safari was pegged at 10 percent and Opera was only 9 percent. Cenzic’s findings are a little different than those of research vendor Secunia, which reported earlier this month that Firefox had more vulnerabilities (though they were patched quicker).
In terms of the totality of reported vulnerabilities, Cenzic reported that in the second half of 2008, there was a 10 percent increase totaling 2,835 reported vulnerabilities. Of those, 80 percent were web application related.
The trend toward web application vulnerabilities is no surprise to me (and shouldn’t be to anyone) as this is something that has been happening for a while. Hackers want to get at the largest number of people and the easiest way to do that is by way of a web application. In fact, Cenzic itself has been saying that web vulnerabilities are rising since at least July of 2007.