5198 Security Vulnerabilities tracked by US-CERT in 2005

The headline probably says most of it… 5198 vulnerabilities tracked by US-CERT in 2005. This comes from The SecurityFix. It's probably not every vulnerability that was out in 2005, just those that US-CERT issued advisories for. The breakdown is 812 in Windows, 2,328 in various Unix/Linux/Mac/BSD systems, and 2,058 affecting multiple operating systems. It would be interesting to see a breakdown of core operating system vulnerabilities versus add-on software. One problem with this kind of breakdown is that most Linux distributions ship the add-on software with the core operating system. That's likely why it doesn't get tracked that way.

In the SecurityFix post, Brian notes that many Microsoft Windows patches seem to address multiple issues in a single patch. This has the effect of possibly downplaying the number of announced advisories. If one fix solves 8 problems, is it really only one vulnerability?

The bottom line is this, though. Software has bugs, ALL software. This is one of the first things I remember being taught in an introductory programming class. These days any program that opens documents or data from another machine is potentially a security risk, as is any program that accepts incoming connections from other machines. That's a bit overwhelming, but true. I suspect as the number of different software programs multiplies, so will the vulnerabilities. I'm afraid I don't see ways that the potential problems go away.

