Software // Enterprise Applications
03:42 PM
Connect Directly

Security Watch: Flaws Exploited Faster

The only good news in last week's report from security vendor Symantec Corp. is that the rate at which Internet vulnerabilities were being found leveled off at seven per day in the last six months of 2003. The bad news is that now those flaws are being exploited much more quickly.

A concern of security pros is the time from when a vulnerability is disclosed publicly--often by software makers, who publish patches at the same time--and when writers of worms or viruses write malicious code to exploit it. "We looked at the life cycle from vulnerability to attack, and we could see that the speed is consistently getting faster and faster," says Vincent Weafer, senior director of Symantec Security Response. Weafer compares the three weeks it took for the Blaster worm to emerge last August to the three days that elapsed between the recent leak of Microsoft source code and an attack based on that code. The compressed time leaves businesses increasingly vulnerable, since days or months can pass before typical companies deploy patches.

Compounding the problem is the fact that blended threats, such as viruses that install backdoors for hackers after successful infections, are on the rise. They tend to be more sophisticated and damaging. Blended threats make up more than half of the top 10 malicious-code submissions Symantec received in the latter half of 2003. Of the top 50 submissions, backdoor-capable code increased 123%.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll