Protect Your Assets

HP 2012 Cyber Security Risk Report

markpainter ‎02-27-2013 10:06 AM - edited ‎09-09-2015 11:46 AM

We are very pleased to announce the release of the HP 2012 Cyber Security Risk Report. Originally started several years ago by HP DVLabs, it has grown to encompass data, analysis and content from a wide range of HP groups, and it truly serves not only as a representation of our unique view into the threat landscape, but also as a testament to the strength of our integrations and outlook.

Highlights from the report include:

Critical vulnerabilities are on the decline, but still pose a significant threat

High-severity vulnerabilities (CVSS score of 8 to 10) made up 23 percent of the total scored vulnerabilities submitted to the Open Source Vulnerability Database (OSVDB) in 2011 and dropped to 20 percent in 2012. While this reduction is significant, the data shows that nearly one in five vulnerabilities can still allow attackers to gain total control of the target. Long story short, it's getting harder for organizations to find the information they need to secure themselves, not easier, for a myriad of reasons.
Web applications remain a substantial source of vulnerabilities

Web applications remain a popular and viable attack vector, due in no small measure to the failure of organizations and developers alike to correct longstanding vulnerabilities. For instance, cross-site scripting remains a pervasive web application security problem even though it's been around almost as long as the web itself. You can find more information about that specific finding by clicking here.
In addition, the first documented cross-frame scripting (XFS) vulnerability, the root cause behind clickjacking attacks, was discovered over 10 years ago. Since then, clickjacking has become a well-known vulnerability, yet less than one percent of 100,000 tested URLs included the best-known mitigation, the X-Frame-Options header.
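The kind of check behind that "less than one percent" figure is straightforward to reproduce against your own sites. The following is an added example (not code from the HP report or from HP): it takes captured response headers, looks for the X-Frame-Options mitigation the post names (DENY or SAMEORIGIN), treats the legacy ALLOW-FROM value separately because current browsers ignore it, and also recognises the newer Content-Security-Policy frame-ancestors directive, which supersedes X-Frame-Options and is my addition rather than something the report discusses. The host names and header sets are constructed for the example.

```python
"""Classify HTTP responses by their clickjacking (framing) protection.

Added example, not from the HP report. Given response headers captured
from a set of URLs, report which carry a framing mitigation and what
share of the sample is protected.
"""
from typing import Dict, Tuple

# Constructed sample responses for hypothetical hosts, keyed by URL.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "https://example-a.test/login": {
        "Content-Type": "text/html",
        "X-Frame-Options": "DENY",
    },
    "https://example-b.test/": {
        "Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "https://example-c.test/app": {
        "Content-Type": "text/html",
        # ALLOW-FROM was never widely implemented and is ignored by modern browsers.
        "X-Frame-Options": "ALLOW-FROM https://partner.test",
    },
    "https://example-d.test/": {
        "Content-Type": "text/html",
    },
    "https://example-e.test/": {
        "Content-Type": "text/html",
        "x-frame-options": "sameorigin",  # header names are case-insensitive
    },
}


def _header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup; returns '' when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def classify_framing(headers: Dict[str, str]) -> str:
    """Return 'protected', 'legacy-only' or 'unprotected' for one response."""
    csp = _header(headers, "Content-Security-Policy")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # A frame-ancestors directive is honoured by current browsers
            # and takes precedence over X-Frame-Options when both are present.
            return "protected"
    xfo = _header(headers, "X-Frame-Options").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected"
    if xfo.startswith("ALLOW-FROM"):
        return "legacy-only"
    return "unprotected"


def survey(responses: Dict[str, Dict[str, str]]) -> Tuple[Dict[str, str], float]:
    """Classify every URL and return (per-URL verdicts, percent protected)."""
    results = {url: classify_framing(hdrs) for url, hdrs in responses.items()}
    protected = sum(1 for verdict in results.values() if verdict == "protected")
    pct = 100.0 * protected / len(results) if results else 0.0
    return results, pct


if __name__ == "__main__":
    verdicts, pct = survey(SAMPLE_RESPONSES)
    for url, verdict in verdicts.items():
        print(f"{verdict:12s} {url}")
    print(f"{pct:.0f}% of sampled URLs carry a framing mitigation")
```

To run this against real sites, replace SAMPLE_RESPONSES with headers fetched from your own hosts; the classifier only reads header values, so it works equally well on responses saved from a proxy or a crawler. Counting "legacy-only" responses separately matters because a site that sends ALLOW-FROM looks mitigated in a naive header grep but is not protected in today's browsers.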

Vulnerability disclosure numbers are also revealing. Four of the six highest ranked OSVDB categories from 2000-2012 are either exclusively or primarily exploitable via web applications (cross site scripting, SQL injection, cross site request forgery, and remote file includes). Those same four categories comprised 40% of all submitted 2012 vulnerabilities.

Old and new technologies alike introduce new security vulnerabilities

As seen with the recent Department of Homeland Security announcement recommending that the Oracle Java SE platform be universally disabled in Web browsers, seemingly mature technologies still suffer from new exploits. This is disturbingly evident both in the rising number of disclosed SCADA vulnerabilities and in the failure of organizations to follow best practices when mitigating long-standing web application security issues, as seen above.
In addition to old technologies, the explosive adoption of mobile devices and the applications that drive them has resulted in a corresponding boom in mobile vulnerabilities. The last five years have seen a 787 percent increase in mobile application vulnerability disclosures. Multiple data sets also point to the fact that when coding mobile applications, developers are simply not considering the security implications of how they store, transmit and access data.

The report goes into much greater detail about these specific topics, and many more, to boot. To access the full report, click HP 2012 Cyber Security Risk Report.

Information Security
on ‎03-14-2013 07:08 AM

Interesting article guys, I will read the full report to see if you offer any solutions.



Information Security
on ‎03-14-2013 07:11 AM

Your link is not working guys:


is not resolving.

Damion Carmickle
on ‎08-19-2013 09:39 AM
Thank you for all your efforts that you have put in this. Very interesting info.