SIR Volume 7 Released

Hi everyone, Bryan here. Earlier this week, Microsoft released the latest volume of the Security Intelligence Report (SIR), which covers the first half of 2009. There are many interesting statistics in this report, but there’s one that I’d like to draw particular attention to: the number of industry-wide reported vulnerabilities as broken down by OS vulns vs. browser vulns vs. application vulns.


It is gratifying to see a sharp decline in the number of application vulnerabilities reported in the first half of 2009, but it’s important to note that they still make up the vast majority of vulns. Attackers are still largely focusing on the long tail of third-party applications. It’s more important than ever for all development shops, no matter how small, to bake security practices into their development lifecycles and ensure that their products don’t end up contributing to next year’s blue Application Vulnerabilities bar.

About the Author
Bryan Sullivan

Principal Security Program Manager, Trustworthy Computing

Bryan Sullivan is a Principal Security Program Manager in the Microsoft Secure Development team, where he focuses on cryptography and cloud security. Bryan has spoken at security industry conferences such as RSA Conference, Black Hat, BlueHat, OWASP AppSec and TechEd Read more »