Bug bounty programs leaving less critical flaws undiscovered
The number of vulnerabilities reported last year has fallen by nearly a fifth, leaving a majority of users unaware of smaller, non-critical software faults, according to researchers.
HP DVLabs' 2011 Top Cyber Security Risks Report last week catalogued only 6843 vulnerabilities in internet-based systems, applications and other software, compared with 8502 last year. Researchers pinned the decline on companies offering more money for information about flaws that were more difficult to find, leaving a number of less critical flaws undiscovered.
Other non-critical flaws may have been fixed by the affected companies and not reported, they noted. Of the vulnerabilities reported, about a quarter were classified as highly severe, attaining a score of between eight and the maximum ten on the National Vulnerability Database's Common Vulnerability Scoring System (CVSS).