Cnet

More than half of the security vulnerabilities disclosed during 2008 had no patches available from the vendor by the end of the year, according to a report released on Monday by IBM’s X-Force research group.

Meanwhile, 46 percent of vulnerabilities from 2006 and 44 percent from 2007 still had no patch by the end of 2008, the 2008 X-Force Trend and Risk report said. X-Force documented a record number of 7,406 new vulnerabilities last year.

While Microsoft is the vendor that tops the list in percentage of vulnerabilities disclosed, the Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years, the report said.

Securing the infrastructure, in terms of security patches, access and permissions, remains an important part of limiting your liability and preventing unexpected system behaviour. With that in mind, applying security patches and hot fixes as appropriate, and ensuring that anti-virus and firewall software is working and configured, is the cost of managing risk and maintaining system availability. At the same time, systems should be secured and locked down where appropriate: how much access do users actually need, and would normal user access work? Manage user access so that users have the tools and the access they need to fulfill their role and work effectively, while protecting user and shared/private data as appropriate.



