IBM X-Force Report - Drupal and other systems

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by greggles on March 2, 2010 at 12:04am

There is an IBM X-Force report about the state of security in a variety of platforms.

The researchers make some interesting claims. As always, doing this kind of thing is fraught with questionable assumptions, generalizations, and guesses that make the reports easy targets for criticism in spite of the best efforts of the authors.

One thing to note: they claim that there are unpatched vulnerabilities in a lot of the systems and give numbers for Drupal where I'm not sure what their source data is. If anyone can get in touch with the authors to ask for raw data I'd love to see it.

Upload failed - here's the link to the gated copy: http://www-935.ibm.com/services/us/iss/xforce/trendreports/

Comments

Interesting

Posted by rjbrown99 on March 11, 2010 at 7:28am

Does it say who the authors are? I can probably get in touch with them. If not I can run it up the flagpole with IBM. We're active customers of a number of their security products.

contributors to the report

Posted by greggles on March 11, 2010 at 9:18pm

Here are the contributors:

Colin Bell Principal Consultant, IBM Rational
AppScan onDemand Premium
Chris Stevens Software Engineer/Architect,
Virus Prevention System
Dan Holden X-Force Product Manager
Holly Stewart X-Force Threat Response Manager and
Trending Queen
Jon Larimer X-Force Advanced Research, Malware
Marc Noske Database Administration, Content Security
Michelle Alvarez Analyst & Team Lead, MSS Intelligence Center
(and aka Eagle Eyes)
Ralf Iffert Manager, Content Security Filter Quality
Robert Freeman Senior Technologist and Web Exploit
Watchman
Ryan McNulty IBM Managed Security Services and SQL
Querier Extraordinaire
Scott Moore X-Force Software Developer and X-Force
Database Team Lead
Tom Cross Manager, X-Force Advanced Research
Vernon Jackson Manager, X-Force Virus Prevention System,
Common Assessment Module, and
X-Force Database

thanks

Posted by rjbrown99 on March 12, 2010 at 9:12pm

I'll drop them an email next week... I have an active AppScan support contract so it should help in getting in touch with them.

FWIW, running AppScan against stock Drupal 6 shows nothing of significance in terms of vulnerabilities.

Security

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /