X-Force Research and Development Newsletter

January 2007 Issue

Welcome to 2007 and the January issue of the X-Force monthly newsletter.

The 12 months of 2006 saw vulnerabilities increase 40 percent over the previous year, reaching a staggering 7,247 new security vulnerabilities - the highest year on record.

But it wasn't all bad news. Looking closer at the security risk these vulnerabilities would typically introduce, it was quite noticeable that independent bug hunters had advanced the technology of "Fuzzing" and uncovered many content-level flaws - vulnerabilities typically classed as Medium risk. Consequently the proportion of High Impact vulnerabilities actually decreased in 2006 when compared to any previous year.

In addition to the latest statistics, in this month's issue we have two new editorials and features for you:

  • Celebrating its 11th birthday this month, the Phishing threat continues to be a highly profitable business for organized criminals. Following a parallel growth pattern to Spam, Phishing is easily one of the most voluminous threats targeting each of us every day. What does the future hold in store for us then? Gunter Ollmann, our director of security strategy, takes a closer look at how this threat will likely evolve over the next few years, and influencing factors on the protection technologies going forward.

  • For many years the yardstick used by traditional anti-virus vendors for measuring the breadth of their protection has been The WildList. In this issue X-Force manager for VPS, Vernon Jackson, examines the value of The WildList in today's malcode climate and explains how its traditional value in evaluating AV protection is limited and may not adequately reflect the protection against today's abundant threats.

    Read the January issue.

  •