Number of critical, but unpatched, vulnerabilities is rising
According to IBM's latest Security X-Force report on security risks and trends, more security vulnerabilities than ever before were discovered in the first half of 2010. An increase of 36% was seen compared to the first 6 months of the previous year. Developers are failing to keep pace with the rising number of vulnerabilities – the proportion of unpatched vulnerabilities at the end of the first half of this year rose from 52% to 55%. If the analysis is limited to vulnerabilities classified as critical or high risk, 71% remain unpatched.
The 10 vendors whose products topped the list of discovered vulnerabilities reacted very differently to security experts' disclosures. Twenty-four per cent of vulnerabilities remained unpatched after six months at Sun Microsystems, with Microsoft just behind in second place at 23.2%. Last year, Microsoft topped the list with 15.8%, while Sun failed to fix just 2.6% of reported vulnerabilities.
This time round, Mozilla took third place with 21.3%, followed by Apple with 12.9% and IBM with 10.3%. Google is a new entry in the list with 8.6%. By contrast, Hewlett-Packard (HP), with 14.5% last year, has now dropped out of the top 10. Adobe came out of the study with the best figures, with just 2.9% of security vulnerabilities reported in the first six months of this year remaining unpatched.