Over half of the 4,396 new vulnerabilities discovered in the first half of this year had no vendor-supplied patch at the end of the period.
IBM's X-Force 2010 mid-year trend and risk report revealed that there had been a 36 per cent increase in documented vulnerabilities compared to last year. Web applications account for the largest share of these vulnerabilities, at more than half of all public disclosures.
The report also revealed that in the first half of 2010, organisations were doing more to identify and disclose security vulnerabilities than ever before. This in turn is having positive effects on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them.
Tom Cross, manager at X-Force, said: “To me one of the most interesting points of this is a substantial increase in the volume of vulnerability disclosure. What that means for my team is a lot more work, as we have to catalogue all of those vulnerabilities and make sure we protect our customers against attacks that target them.
“It also means more work for people in the IT industry who are responsible for patching these security vulnerabilities, and in some respects it may be the product of work that goes on in some companies, but hopefully they are spending time trying to identify security vulnerabilities and patch them and inform the public about them, and fix them before the bad guys are able to target them.
“It may be a good sign that we have seen such an increase in vulnerability disclosure, but for us it certainly makes the days longer.”
The report also claimed that Adobe did the best job of fixing holes that were reported in its products, with just three per cent of reported holes unpatched at the conclusion of the first half of this year.
However, Google joined the list of the top ten software vendors with the most reported holes in the first half of the year, replacing HP on that list. Apple accounted for the most vulnerability disclosures, just ahead of Microsoft, which came in second.