Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

IBM X-Force Midyear Report: Vulnerabilities Up, Mobile Exploits Down

Though the number of publicly disclosed software vulnerabilities is on pace this year to break records set in 2010, there have been fewer mobile vulnerability exploits in 2012, according to a report released today by IBM's X-Force research and development teams.

Tracking statistics and attack trends through the first half of 2012, the IBM X-Force 2012 Mid-year Trend and Risk Report found that 4,400 new security vulnerabilities were discovered within that time period. If vulnerabilities continue at the same pace, the overall numbers could eclipse a record set in 2010 before a brief lull in new vulnerabilities occurred last year, IBM researchers say.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

The good news is that X-Force found a significant decline in publicly released exploits this year compared with first-half figures from 2010. The percentage of vulnerabilities for which there were exploits equaled about 9.7% in this year's first half, compared with 14.7% in the first half of 2010.

"X-Force believes that the decline in publicly available exploits is a direct result of architectural changes that have been made in software over the past few years that make exploiting these vulnerabilities more challenging," the report said.

One particular software niche that saw particularly significant declines in publicly available exploits is in mobile operating systems, IBM reports. According to company researchers, mobile vulnerabilities and exploits are down to their lowest levels since 2008.

"We are not seeing the expected massive exploitation and malware targeted toward mobile devices that many have predicted for years," said Clinton McFadden, senior operations manager at IBM X-Force research and development. "We are seeing the research the bad guys are doing, we're seeing some pockets of interesting exploitation and targeted malware, but not the explosion that we expected."

According to the report, one of the likely reasons for this decrease in mobile vulnerabilities is the continued maturation of mobile development practices. The spike and then decline in mobile vulnerabilities follows a similar pattern in any new market where easier bugs are found quickly and only the ones that are harder to find are left behind. The dip reflects a "lag in time between researchers and attackers discovering techniques to overcome previously perceived limitations," the report said.

Nevertheless, that doesn't mean enterprises shouldn't be concerned about mobile threats, McFadden said.

"This perfect storm of tool availability for the bad guys, lack of security tools , controls and security consciousness within the adoption of mobile, and pressure to adopt bring your own device are creating an atmosphere that security professionals should be concerned about," he warned.


Related Reading


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers