Hanover/Potsdam. Since 2011 there has been a dramatic increase in the number of software vulnerabilities reported worldwide. Based on an analysis carried out by the Potsdam Hasso Plattner Institute (HPI), nearly 6,500 vulnerabilities had been reported by the end of 2014. As shown in the overview presented by the computer scientists, the figures from a comparison spanning a 15-year period are therefore just below the peak levels determined in 2006 and 2008. At that time approximately 7,000 so-called vulnerabilities were reported. At CeBIT in Hannover, HPI announced that the increase has been particularly evident in moderate software vulnerabilities, which reached an all-time high in 2014.
On the other hand, vulnerabilities at the highest degree of severity have shown a continual decline since 2008, according to HPI Director Prof. Christoph Meinel. The computer scientist attributes this development to the concerted efforts of manufacturers in recent years “to eliminate particularly the most critical vulnerabilities.” According to the HPI study, the impact of vulnerabilities is distributed between the software problems of availability, integrity and confidentiality at 12 to 14 percent each. In nearly half the cases all three problem areas are affected together.
“Availability refers to the accessibility of the service,” said Meinel. Integrity describes the possible occurrence of unauthorized write access, which can result in a change to the data or system. The category of confidentiality covers everything that has to do with access to sensitive data, such as passwords.
According to HPI’s study, with 511 reported vulnerabilities, Windows XP tops the list of operating systems with critical vulnerabilities. Apple’s Mac OS X system takes fourth place and Linux seventh place in the rankings. “Of course you also have to consider the role played by the popularity of the software,” said the IT security expert. If an operating system is commonly used, potential attackers study it more closely because its vulnerabilities can lead to more widespread damage.
In the rankings of critical vulnerabilities in applications, the first three places on the list are held by the browsers Internet Explorer from Microsoft (700 reports), Google Chrome (600) and Mozilla Firefox (570), with other software applications following a considerable distance behind.
“The display software for Internet content is becoming increasingly complex because websites handle various multi-media formats and additional dynamic contents more frequently than ever,” said Meinel. Consequently the danger of vulnerabilities is growing. “Browsers are probably the most frequent target for hackers. Because users navigate through the Internet with the browser, it is an ideal starting place for attacks,” said the Potsdam scientists.
Browser Self-Diagnosis at CeBIT
HPI presents CeBIT visitors with the corresponding database for IT attack analysis (https://hpi-vdb.de), in which the lion’s share of the data on software vulnerabilities and problems that is freely available on the Internet is integrated and combined. The database currently holds more than 68,000 pieces of information on vulnerabilities in nearly 173,000 affected software programs from 15,000 manufacturers. Using the database, HPI can check the browsers of all Internet users - including CeBIT visitors - for any detectable vulnerabilities, which are often exploited by cyber criminals. The system detects the browser version, including commonly used plugins, and displays a list of the known vulnerabilities. This vulnerability analysis is demonstrated live for CeBIT visitors. HPI plans to extend the self-diagnosis to other installed software.
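To make the self-diagnosis described above concrete, here is an added example (not HPI’s code and not connected to the hpi-vdb.de database): it extracts the browser family and version from a user-agent string, takes an explicit plugin list, and matches both against a small constructed vulnerability table keyed on affected version ranges. The product names, version ranges, severities and the `VULN-PLACEHOLDER-*` identifiers are all made up for the example; a real check would query a vulnerability database and read the plugin list from `navigator.plugins`.

```javascript
// Added example: a toy version of a browser self-diagnosis check.
// Everything in VULN_DB is CONSTRUCTED for illustration (no real CVE ids).
const VULN_DB = [
  { product: "Firefox", from: "30.0", to: "36.0",       severity: "high",     id: "VULN-PLACEHOLDER-1" },
  { product: "Chrome",  from: "0",    to: "41.0",       severity: "moderate", id: "VULN-PLACEHOLDER-2" },
  { product: "Flash",   from: "0",    to: "16.0.0.305", severity: "critical", id: "VULN-PLACEHOLDER-3" },
];

// Compare dotted version strings numerically, component by component.
// Missing trailing components count as 0, so "36" equals "36.0".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Extract browser family and version from a user-agent string.
// Returns null for user agents the patterns do not recognise.
function parseUserAgent(ua) {
  const patterns = [
    ["Firefox", /Firefox\/(\d+(?:\.\d+)*)/],
    ["Chrome",  /Chrome\/(\d+(?:\.\d+)*)/],
    ["MSIE",    /MSIE (\d+(?:\.\d+)*)/],
  ];
  for (const [product, re] of patterns) {
    const m = ua.match(re);
    if (m) return { product, version: m[1] };
  }
  return null;
}

// Return the records whose half-open affected range [from, to) contains version.
function lookup(product, version) {
  return VULN_DB.filter(v =>
    v.product === product &&
    compareVersions(version, v.from) >= 0 &&
    compareVersions(version, v.to) < 0);
}

// Full self-check: the browser parsed from the UA plus an explicit plugin list
// of { product, version } objects (in a real page: navigator.plugins).
function selfDiagnose(ua, plugins) {
  const findings = [];
  const browser = parseUserAgent(ua);
  if (browser) findings.push(...lookup(browser.product, browser.version));
  for (const p of plugins) findings.push(...lookup(p.product, p.version));
  return findings;
}

// Usage with a constructed user-agent string and plugin list.
const sampleFindings = selfDiagnose(
  "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0",
  [{ product: "Flash", version: "16.0.0.296" }]);
console.log(sampleFindings.map(f => `${f.id} (${f.severity})`).join(", "));
```

The half-open range `[from, to)` is the usual way a vulnerability feed expresses “fixed in version to”, which is why the Chrome entry above does not fire for 41.0.2272.89; the numeric component-wise comparison avoids the classic string-comparison mistake where "10.0" sorts before "9.0".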
HPI: One of the Largest Exhibitors in Hall 9
Hasso Plattner Institute (HPI) is among the largest CeBIT exhibitors in the subject area of “Research and Innovation” at this year’s fair. The HPI computer scientists are presenting the results of their latest research and development in the world of “Big Data” for the “d!conomy” – the word coined for the “digital economy,” which describes the transformation leading to a fully networked economy. At its booth area, encompassing more than 380 square meters, HPI shows, for example, how corporate decision-makers can draw on innovative real-time data support in their meetings. HPI demonstrates the innovative possibilities for Big Data analysis not only in soccer but also in disease containment on a global scale. Other topics that will be presented are new solutions for increasing IT security and free online courses on information technology topics, which are open to everyone.
Note to the editors:
You can find detailed material (texts, photos, videos) at our CeBIT website: www.hpi.de/cebit. For the duration of the fair you can also find interviews with prominent CeBIT guests on the topic of Germany as an IT location at www.it-gipfelblog.de.