"For years buffer overflow has been the favorite target of online
attackers, but no more: Cross-site scripting is now the biggest culprit.
That’s the scoop from Mitre Corp., which later this week will
release its latest findings about the flaws behind publicly-disclosed
vulnerabilities.
The number two favorite flaw is SQL injection, says Robert
Martin, lead for compatibility and outreach at Mitre, who first
discussed the new data at yesterday’s Cyber Security Executive
Conference in New York. The number of buffer overflow flaws exploited
dropped to number three in 2005 and number four so far this year,
according to Mitre.
Martin says he was surprised to find that cross-site scripting
has become the main flaw that attackers exploit in software. "We hadn’t
heard anything about this shift."
Mitre has recorded about 20,000 Common Vulnerabilities and
Exposures (CVE) entries — the designation given to all publicly reported
vulnerabilities — with around 150 coming in per week. The statistics
were based on samples of these CVEs, he says." – Darkreading
Article Link: http://www.darkreading.com/document.asp?doc_id=103774