As one of the contributors for the report, I’d like to highlight the findings summary for the Industry vuln trends:
- Vulnerability disclosures decreased by about 5 percent in 2007, reversing a multiyear trend of increasing disclosures. Almost all of this decrease was observed in the second half of the year, which had the fewest disclosures since 2H05.
- Despite the decrease, the number of new disclosures across the industry remains in the thousands, with the number of disclosures in 2007 surpassing that of every other year in the study except 2006.
- The Common Vulnerability Scoring System (CVSS) used to score vulnerabilities in the NVD was revised in 2007 to increase its accuracy, consistency, and applicability. Retroactively applying the new formula to vulnerabilities disclosed in previous years classifies a much higher percentage of vulnerabilities as High-severity than was previously the case. The vulnerabilities disclosed in 2007 continue this trend, with High-severity vulnerabilities accounting for about half of the total number of vulnerabilities.
- Vulnerabilities requiring a Low level of complexity in order to exploit accounted for about half of all vulnerabilities disclosed in 2H07. Although this number is relatively large, the number has declined significantly from earlier periods.
Here is the high-level trend chart from the report:
Regards ~ Jeff