This may strike some security professionals as improbable, but a new report from IBM suggests that the overall IT security situation may actually be improving.
The latest IBM X-Force 2011 Trend and Risk Report finds that the number of unpatched software vulnerabilities is decreasing, with only 36 percent of those issues remaining unpatched in 2011, compared to 43 percent in 2010.
Tom Cross, manager of threat intelligence and strategy for IBM X-Force, attributes this change to ongoing education efforts among application developers, who he says are increasingly addressing security issues as part of the overall quality assurance process. Part of that success, says Cross, is a realization that fixing software security issues before code is deployed is a whole lot less expensive than trying to address them once that code is in production.
Cross says that attack vectors are also starting to change because certain exploits that hackers routinely used are becoming less effective. For example, the report indicates a 50 percent reduction over the past four years in the likelihood of cross-site scripting (XSS) vulnerabilities. The report says there has been an approximately 50 percent decline in the global volume of spam email, which often carries malware payloads, compared to 2010.
Whether these improvements reflect a moment in time as hackers transition over to other exploits is unclear. What is certain is that increased vigilance on the part of developers is finally starting to have some material impact.