In 2012 ZDI published 203 advisories on a long list of vulnerabilities. ZDI identified Microsoft as being the top vendor target for researchers, with over 100 submissions.
While 2012 was a busy year for new ZDI vulnerability disclosures, the actual attacks weren’t entirely new. Brian Gorenc, manager of the Zero Day Initiative, told eSecurity Planet that security researchers were not necessarily submitting new classes of vulnerabilities in 2012.
“We saw steady submissions of buffer overflows and use-after-free vulnerabilities as well as SQL injections,” Gorenc said. “We focus on remote code execution vulnerabilities, so those are the types of things that people submit to us”
What did change somewhat in 2012 was the submission of the same bug classes against products in the mobile space. Because mobile devices have a significantly large attack surface, researchers are now turning their attention in that direction, Gorenc noted.
“As people are using more mobile devices, we’re seeing a shift in research to those areas because that’s where the valuable information is,” Gorenc said.
Read the full story at eSecurity Planet:
Zero Day Initiative Identifies Vulnerability Trends
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.
