http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240049917/scada-security-in-a-post-stuxnet-world.html By Kelly Jackson Higgins Dark Reading Nov 06, 2012 New data points illustrate just what a turning point Stuxnet truly was in SCADA security: Twenty times more software flaws have been discovered in industrial-control systems (ICS)/SCADA systems since the 2010 discovery of Stuxnet, and the vendor whose PLC system was its ultimate target has patched 92 percent of reported vulnerabilities in its products over the past seven years. New data from Positive Technologies Security finds that 64 vulnerabilities were discovered and reported in industrial-control system products by the end of 2011, while only nine were reported between 2005 and 2011. And between January and August of this year, some 98 bugs were reported. The Russian researchers who authored the report based their data on vulnerability database information from ICS-CERT, CVE, Bugtraq, NVD, OSVDB, Mitre Oval Repositories, exploit-db, and Siemens Product CERT, as well as from exploit packs from Metasploit and Immunity, for instance. "The history of industrial system security is divided into two parts — prior to Stuxnet and afterwards," the authors wrote. "20 times more vulnerabilities have been detected since 2010 comparing with the previous five years." [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Tue Nov 06 2012 - 23:45:31 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 06 2012 - 23:47:28 PST