The survey found that 725 new software flaws in the third quarter of this year, down slightly from 727 found in the second quarter. However, the 823 new worms and viruses that appeared between July 1 and September represented a 26 percent increase from the previous three months.
"The window of time between vulnerability disclosure and the release of a working exploit continues to shrink, leaving enterprises with even less time to learn about and prevent attacks," Chris Rouland, vice president of Internet Security Systems' vulnerability research team, said in a prepared statement.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
The conclusion meshes with previous reports. Security software maker Symantecbetween the first public mention of details of a software flaw and the release of code exploiting the flaw. Three serious Internet attacks--MSBlast, MSBlast.D and SoBig.F--struck in August.
Not all experts agree, however. The Computer Emergency Response Team (CERT) Coordination Center's latest report indicates that the number of flaws that will appear in 2003 is likely to be smaller than in 2002. That's a first: Between 1999 and 2002, the number of vulnerabilities recorded by CERT roughly doubled every year.