Vulnerability disclosures reach highest level in history, says IBM

The increase in vulnerability disclosures has had a “significant impact” on IT professionals managing large IT infrastructures, according to the IBM report.

Close to half of vulnerability disclosures in 2010 were web application flaws, mostly resulting from cross-site scripting and SQL injection. These two methods were also cited in the 2009 report as the most popular for exploiting web application flaws.

“These [web application] vulnerabilities represent just the tip of the iceberg since many organizations develop third-party applications in-house that are not subject to public vulnerability reports”, the report noted.

IBM X-Force said that many exploits are publicly released months after the public disclosure of the vulnerabilities they target, suggesting that attackers are able to use exploit code after patches have been made available.

The SQL Slammer worm, which first emerged in January 2003, continues to be the most common source of malicious Internet traffic, the report said.

The use of the term “advanced persistent threat” became widespread in 2010, after high-profile attacks on corporate enterprises by sophisticated targeted attackers. In addition, botnet activity continued to grow last year.

The report noted that security has become a primary concern of companies in adopting emerging technologies, such as cloud computing and mobile devices.
