Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download at: www.microsoft.com/sir - this link will take you to a summary portal that has links to the downloadable document, upcoming webcasts about the SIR results, and so on.
As one of the primary authors for the vulnerability trends information, I will be hosting one of the webcasts on November 1, 2007 and you can register here: Microsoft Security Intelligence Report: Overview of Latest Trends in Vulnerabilities and Malicious Software (Level 100).
If you want to quickly download the report in pdf, click on this link.
There are lots of interesting results (with charts) in the SIR and I encourage you to look the whole report. However, here are a few of the things I would call out to you.
The number of disclosures of new software vulnerabilities across the industry continuesto be in the thousands, with more than 3,400 new vulnerabilities disclosed in1H07. But this number actually represents a decrease from 2H06, the first period-to-perioddecline in total vulnerabilities since 2003.
Note however, another trend as shown in the chart. High severity vulnerabilities continue to grow significantly, while the overall total flattened out. In the full report, you'll also note a trend reversal with complexity to exploit dropping as well.
There are a couple of other interesting results that I want to call out that you should examine with more detail in the full report
That is enough teasers. Download the report at www.microsoft.com/sir.
Regards ~ Jeff