Known vulnerabilities in commercial applications are declining, but "severe" attacks have increased against both client/server and web applications, according to HP's 2011 Top Cyber Security Risks report.
New vulnerabilities in commercial applications have declined by almost 40 per cent since 2006, and by just under 20 per cent between 2010 and 2011.
"This decline is due to several factors, including the advent of a private market for sharing vulnerabilities. In addition, the proliferation of custom-built web applications, such as retail web sites, has created a market for unique vulnerability exploits that require advanced expertise to locate and address," states the report.
Other findings include:
The report uses real data pulled from the HP TippingPoint Intrusion Prevention System (IPS) and HP Fortify.
The data is broken down by attacks, vulnerability category, source information, and severity to provide a snapshot of the attack landscape. This section also features an actual case study of the web application risks at one large corporation.
The report can be downloaded here (Adobe Acrobat required).