DVLabs 2010 Risk Report

The security researchers over at Tipping Point (a.k.a. DVLabs) recently released a 2010 Full Year Top Cyber Security Risks Report. Back in my younger years I used to think that annual reports with pretty pictures and colorful graphs were only useful to pointy headed managers who couldn't understand tech. But now that I'm older and more mature I can sort of appreciate these reports as well!

Here are some highlights:

- "the annual number of vulnerabilities being discovered in commercial computing systems has remained steady from 2009 to 2010. At the same time, targeted exploits that take advantage of these known vulnerabilities have continued to increase in both severity and frequency. This means that unpatched or unupdated systems are putting enterprise data centers at a huge risk for being compromised." (See NASA they think patching is important too!!!)




- "nearly half of all reported vulnerabilities exist in Web applications – meaning services that use the Web as the portal for users to access or interact with a piece of software." (no surprise here...doesn't all software use the Web as a portal...?)

- "Attacks are becoming more productized and marketable." (Awesome! That means security guys like me are more marketable too!)

Sure, its got a little vendor bias and few shameless marketing plugs. But all in all it's a pretty decent report. Especially if you're looking for a few some good high level statistical ammunition. Like, "A survey of the entire IP space of the Internet determined that there are approximately 104 million active hosts, of which at least 9.2% are running Wordpress, Joomla, or Drupal". Damn bloggers!!!

**UPDATE**
If you enjoyed this report and would like to see others like it, Symantec just released their web based 2010 Internet Security Threat Report as well.