Microsoft patched 133 'critical' or 'important' vulnerabilities in 2006, more than doubling the number from 2005, according to data collected by security vendor McAfee.
Both Microsoft and McAfee pointed to a variety of factors as the cause for the rise in vulnerabilities, but none of those suggested that there is anything wrong with the quality of Microsoft's code.
Dave Marcus, security research and communications manager at McAfee, told vnunet.com that Microsoft's software was not necessarily at fault, but that the overall success of the company's products made Microsoft a popular target for an ever-expanding market for exploits and malware.
"When it comes to talking about vulnerabilities, the existence of a vulnerability in and of itself does not mean that there is an increase in risk, " said Marcus.
"The rise in critical vulnerabilities really just means a rise in discoveries; the vulnerabilities were there in the first place."
Marcus pointed out that detecting and removing every possible vulnerability in an application like Windows or Office, which can contain millions of lines of code, would be nearly impossible.
Vulnerability researchers and malware writers are focusing their bug searches on critical vulnerabilities. Because they can be exploited to install malware and spyware, they are the most useful for commercial exploitation.
"The critical vulnerability is definitely the holy grail," said Marcus.
Mark Miller, director of the Microsoft security response centre, agreed that the increased monetary value placed on the discovery and exploitation of security vulnerabilities is causing more vulnerabilities to be found.
"I think there is a rise across the industry," he said. "Microsoft's increase is relative to that."
Marcus believes that Microsoft's market domination has put it in the spotlight for security researchers and malware authors, and that less popular applications yield a smaller pool of potential victims.
"Targets of opportunity is a big deal," he said.
Post your comment
Send an email to the Computing editor at feedback@computing.co.uk
del.icio.us
digg this
reddit!
There are no plans to postpone May deadline despite protests, says IATA 09 May 2008
Email indicates that security measures introduced after HMRC breach are not working 09 May 2008
More news
Mobile and contactless systems lead the way to the payments of the future 07 May 2008
SAP and Microsoft are two of the suppliers targeting firms through software as a service 07 May 2008
Cutting down the amount of content we send and store would help reduce the IT industry’s impact on the environment, says Mark Samuels 07 May 2008 More in depth
Advertising Marketplace
- Enterprise Accounting Solutions
- Business Intelligence Solutions
- Enterprise Content Management (ECM)
- Supply Chain Management
- Enterprise Resource Planning (ERP)
- Project Management Solutions
- Customer Relationship Management (CRM)
- Security Solutions
- Systems Management
- Networking and Communications Solutions
Featured jobs
More job opportunities