Posted by greggles on March 2, 2010 at 12:04am
There is an IBM X-Force report about the state of security in a variety of platforms.
The researchers make some interesting claims. As always, doing this kind of thing is fraught with questionable assumptions, generalizations, and guesses that make the reports easy targets for criticism in spite of the best efforts of the authors.
One thing to note: they claim that there are unpatched vulnerabilities in a lot of the systems and give numbers for Drupal where I'm not sure what their source data is. If anyone can get in touch with the authors to ask for raw data I'd love to see it.
Upload failed - here's the link to the gated copy: http://www-935.ibm.com/services/us/iss/xforce/trendreports/
Comments
Interesting
Does it say who the authors are? I can probably get in touch with them. If not I can run it up the flagpole with IBM. We're active customers of a number of their security products.
contributors to the report
Here are the contributors:
knaddison blog | Morris Animal Foundation
thanks
I'll drop them an email next week... I have an active AppScan support contract so it should help in getting in touch with them.
FWIW, running AppScan against stock Drupal 6 shows nothing of significance in terms of vulnerabilities.