Hewlett-Packard has a somewhat unique position when it comes to security visibility, as the company draws security intelligence from both public and privately reported sources. HP’s Zero Day Initiative (ZDI) is one of the leading efforts in the security market that acquires vulnerability disclosures from researchers for payment.

As such, HP not only sees the security issues that are publicly disclosed but also has insight into what researchers have found and want to sell.

While HP’s ZDI was one of the leading organizations reporting flaws in Oracle’s Java during 2013, surprisingly Java was not the leading product vulnerability submission cited in HP’s 2013 Cyber Risk Report. That dubious distinction falls to Microsoft’s Internet Explorer (IE). Web browsers and Java weren’t the only technologies with vulnerabilities in 2013; HP found that supervisory control and data acquisition (SCADA) systems, which are used in industrial settings, were increasingly targeted during the year. Overall, the volume of security disclosures rose during 2013, though the final tally did not represent an all-time high. In this slide show, eWEEK examines some surprising trends from the HP 2013 Cyber Risk Report.
