Even though Symantec saw the number vulnerabilities posted during the last six months of 2003 leveling off from previous months, those which were disclosed were more severe in nature. In particular, Symantec put the spotlight on Microsoft's Internet Explorer, which experienced a 70 percent jump in disclosed vulnerabilities in the second half of 2003 over the first.
The combination -- easily-exploited vulnerabilities and an increasing number of severe security holes -- means two things, said Dunphy. "The exploit windows continue to shrink," he said, referring to the continuing shortening of the time span between a vulnerability's release and the appearance of an exploit, and "zero-day threats may be on the horizon."
As an example of the first, Symantec held out the Gaobot worm, which exploited a vulnerability in Microsoft's Workstation Service less than two weeks after the flaw was first published in November 2003.
Zero-day threats are those that target vulnerabilities before they're announced and patches posted. Needless to say, they're the most dangerous, and difficult to contain.
"So far, every exploit we've seen has been against known vulnerabilities, for which patches are available," Dunphy said, even the disastrous MSBlast worm of August 2003. But he's not confident that he'll always be able to say that's true.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
