Software a bigger security risk than viruses
by James Middleton
© 1995-2002 VNU Business Publications Ltd. All rights reserved
Tuesday, 29th January 2002 - Global exploitation of software vulnerabilities
increased by 124 per cent last year, according to industry watchers.
Analysts at mi2g's Intelligence Unit claimed that viruses are on the decline
and exploitation of software vulnerabilities is increasing. New viruses fell
from 413 in 2000 to 245 in 2001. However, exploitation of software vulnerabilities
increased from 1,090 incidents in 2000 to 2,437 in 2001. Steve Trilling, a
Symantec representative, said: "With more critical business and government
functions conducted online, we could see more 'professional' attackers." Simon
Perry, a Computer Associates representative, said: "We haven't seen a virus
with a really malicious payload yet. We are probably about 12 or 24 months
away from the mother-lode virus."
An mi2g representative added that as new software vulnerabilities are exploited,
corporations have to patch up their systems continuously. Computer Economics
has estimated the global damage of code attacks at $13.2bn in 2001. The most
significant attacks were by worms exploiting software vulnerabilities, such
as Code Red ($2.6bn), SirCam ($1.2bn) and Nimda ($635m).
DK Matai, chief executive of mi2g, said:
"Why are so many vulnerabilities coming to light? Software vendors have profited
from new products without paying adequate attention to long-term quality.
The focus on product development from day one has to be on security."