The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download at: www.microsoft.com/sir – this link will take you to a summary portal that has links to the downloadable document, upcoming webcasts about the SIR results, and so on.

As one of the primary authors for the vulnerability trends information, I will be hosting one of the webcasts on November 1, 2007 and you can register here: Microsoft Security Intelligence Report: Overview of Latest Trends in Vulnerabilities and Malicious Software (Level 100). If you want to quickly download the report in PDF, click on this link.

There are lots of interesting results (with charts) in the SIR and I encourage you to look at the whole report. However, here are a few of the things I would call out to you.

The number of disclosures of new software vulnerabilities across the industry continues to be in the thousands, with more than 3,400 new vulnerabilities disclosed in 1H07. But this number actually represents a decrease from 2H06, the first period-to-period decline in total vulnerabilities since 2003.

Note, however, another trend as shown in the chart. High severity vulnerabilities continue to grow significantly, while the overall total flattened out. In the full report, you'll also note a trend reversal with complexity to exploit dropping as well.

There are a couple of other interesting results that I want to call out that you should examine in more detail in the full report:

Social engineering plays a growing role in overall malware attack techniques. This is a key result since even with vulnerability-free software, these techniques could succeed against users of any platform.

Windows Defender has proportionally detected 2.8 times less potentially unwanted software on computers running Windows Vista than on computers running Windows XP SP2, based on normalized data. This is a practical measure of benefit that is somewhat more valuable in my opinion than vulnerability comparisons.
That is enough teasers. Download the report at www.microsoft.com/sir.

Regards ~ Jeff