IBM Security report under criticism
IBM released its security report last week detailing the security holes found in vendors’ software. Two vendors, including Google, questioned the validity of the findings and pointed out inconsistencies in the report. This prompted IBM to revisit its statistics for the first half of 2010 and update its security report.
X-Force team ranks the top 10 vendors that could not patch critical security holes
IBM’s security team, called X-Force, created a report ranking the top 10 vendors that were not able to patch critical security holes in their products. Google questioned the validity of the report and provided its own research on the matter.
Stack buffer overflow vulnerabilities account for a good 33% of security holes.
Apparently, the 33% of security holes that IBM was talking about came down to a miscategorised bug. The error had been recorded as a “stack buffer overflow”, which is a critical security flaw (memory on the stack is overwritten). The actual error was only a “stack overflow” (the stack is exhausted), which may sound the same to many laymen but in actuality is a lesser security risk.
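The distinction behind the miscategorisation, as an added illustration in C (not code from IBM, Google or the report): the first function shows the critical class, an unchecked copy that can write past a fixed-size buffer on the stack, beside a bounded version that rejects overlong input; the second shows the lesser class, a recursive parser whose depth follows the input and can exhaust the stack, beside a version with an explicit depth limit. The function names, the 16-byte buffer size and the parenthesis-nesting input are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* constructed buffer size for the example */

/* Class 1: stack buffer overflow (memory corruption). The unchecked copy
 * writes past a fixed-size stack buffer when the input is too long,
 * clobbering neighbouring stack data. Shown only as the 'before' pattern. */
void greet_unchecked(const char *name) {
    char buf[NAME_LEN];
    strcpy(buf, name);            /* no bound: an overlong name overruns buf */
    printf("hello %s\n", buf);
}

/* Hardened form: the copy is bounded and overlong input is rejected, so the
 * buffer can never be overrun. Returns 0 on success, -1 if the name does not fit. */
int greet_checked(const char *name) {
    char buf[NAME_LEN];
    size_t n = strlen(name);
    if (n >= sizeof buf) return -1;   /* no room for the name plus its NUL terminator */
    memcpy(buf, name, n + 1);
    printf("hello %s\n", buf);
    return 0;
}

/* Class 2: stack overflow (stack exhaustion). This recursive parser recurses
 * once per '('; deeply nested input eventually uses up the whole stack and the
 * process crashes. Nothing is written out of bounds, so the impact is a crash
 * (denial of service) rather than corrupted memory. */
static int depth_unbounded(const char **p) {
    int best = 0;
    while (**p) {
        if (**p == '(') {
            (*p)++;
            int inner = 1 + depth_unbounded(p);   /* recursion depth tracks input nesting */
            if (inner > best) best = inner;
        } else if (**p == ')') {
            (*p)++;
            return best;
        } else {
            (*p)++;
        }
    }
    return best;
}

/* Hardened form: an explicit depth limit turns runaway recursion into an error.
 * Returns the maximum nesting depth found, or -1 once the limit is exceeded. */
static int depth_checked(const char **p, int cur, int limit) {
    int best = 0;
    while (**p) {
        if (**p == '(') {
            if (cur + 1 > limit) return -1;       /* refuse to recurse any deeper */
            (*p)++;
            int inner = depth_checked(p, cur + 1, limit);
            if (inner < 0) return -1;
            inner += 1;
            if (inner > best) best = inner;
        } else if (**p == ')') {
            (*p)++;
            return best;
        } else {
            (*p)++;
        }
    }
    return best;
}

/* Public entry point for the bounded parser. */
int nesting_depth(const char *s, int limit) {
    const char *p = s;
    return depth_checked(&p, 0, limit);
}

int main(void) {
    const char *sample = "((()))";   /* constructed input */
    const char *q = sample;
    greet_checked("bob");
    printf("checked copy of 16-char name: %d\n", greet_checked("0123456789abcdef"));
    printf("unbounded depth: %d\n", depth_unbounded(&q));
    printf("bounded depth (limit 2): %d\n", nesting_depth(sample, 2));
    return 0;
}
```

A scanner that reports a recursion crash as a "stack buffer overflow" conflates the two classes: the first corrupts memory and is rated critical, the second only exhausts the stack and is handled by the depth limit shown, which is the gap the corrected report closed.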
It is not the first time that Google has been able to defend how its products were depicted. In 2006, Google was able to prove that its Google search ads had been the victim of bad statistics concerning the click fraud issue, which improved the company’s image.
What were the results of the actual report update? Google now has 0% unpatched critical security holes. It joins the ranks of Apple, which set the standard with its 0% rating in the first report. Linux and Sun are also now free of unpatched critical security holes. Only Microsoft seems to be worse off: its unpatched security holes actually increased to 11% from 7%. Sadly, after all the corrections were made, the vendor with the most unpatched security holes in the first half of 2010 turned out to be the company that created the report.
This rather demonstrates that reports of this kind are not conclusive by themselves. Caution is best observed when creating these kinds of reports, because rarely do reports like these have to be changed this much. That is why intelligent minds should always voice their views and check the validity of any published report.