CERT

 
Publications Catalog Historical Documents CERT Contact Information Meet CERT Employment Opportunities
 

CERT Statistics (Historical)

Over the years, we have published a variety of statistics related to the work performed in different areas of our program. Although we are no longer collecting and publishing these statistics, they may have value for research purposes. Each set of statistics has a related section that provides an explanation for what each column represents.

Cataloged vulnerabilities | Publications about vulnerabilities | Communications | Publications

Cataloged vulnerabilities

  • Q1-Q3, 2008
  • 6,058
  • 310
  • 2007
  • 7,236
  • 357
  • 2006
  • 8,064
  • 345
  • 2005
  • 5,990
  • 213
  • 2004
  • 3,780
  • 170
  • 2003
  • 3,784
  • 191
  • 2002
  • 4,129
  • 343
  • 2001
  • 2,437
  • 153
  • 2000
  • 1,090
  • -
  • 1999
  • 417
  • -
  • 1998
  • 262
  • -
  • 1997
  • 311
  • -
  • 1996
  • 345
  • -
  • 1995
  • 171
  • -
  • Totals
  • 44,074
  •  

Column Definitions

  • Year - This column represents the calendar year, not fiscal year.

  • Total vulnerabilities cataloged - This column reflects the total number of vulnerabilities that we have cataloged based on reports from public sources and those submitted to us directly. Storing the information in our database allows our analysts to systematically record vulnerability data; helps provide insight into significant preconditions, impacts, and scope; and gives us a way to validate reports and recognize new classes of vulnerabilities.

  • From direct reports - This column reflects the total number of vulnerabilities we have cataloged based on vulnerabilities reported directly to us. We encourage people to report vulnerabilities so we can coordinate with affected vendors to resolve vulnerabilities while minimizing the risk to all stakeholders. To determine an approximate number of vulnerabilities from public sources, subtract the number of direct reports from the total vulnerabilities cataloged. The actual number may differ slightly because occasionally, vulnerabilities are reported directly to us and disclosed to the public at the same time.

Publications about vulnerabilities

  • Q1-Q3, 2008
  • 145
  • 29
  • 22
  • 2007
  • 366
  • 42
  • 31
  • 2006
  • 422
  • 39
  • 37
  • 2005
  • 285
  • 22
  • 11
  • 2004
  • 341
  • 27
  • 17
  • 2003
  • 255
  • -
  • -
  • 2002
  • 375
  • -
  • -
  • 2001
  • 326
  • -
  • -
  • 2000
  • 47
  • -
  • -
  • 1999
  • 3
  • -
  • -
  • 1998
  • 8
  • -
  • -
  • Totals
  • 2,573
  • 159
  • 118

Note: Rows in italic indicate documents published on behalf of US-CERT.


Column Definitions

  • Year - This column represents the calendar year, not fiscal year.

  • Vulnerability Notes published - This column reflects the number of Vulnerability Notes we have published. These documents provide technical information and solutions to vulnerabilities that we have analyzed. Although we cannot publish information about every vulnerability, we make a concerted effort to publish information about the most critical and significant vulnerabilities. As of 2004, we publish these documents on behalf of US-CERT.

  • Technical Security Alerts published - This column reflects the number of Technical Security Alerts we have published in conjunction with US-CERT. These documents provide timely information about current security issues, vulnerabilities, and exploits.

  • Security Alerts published - This column reflects the number of Security Alerts we have published in conjunction with US-CERT. These documents provide timely information about current security issues, vulnerabilities, and exploits. They outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.

Communications

  • 2006
  • 674,235
  • 977
  • -
  • 2005
  • 624,634
  • 591
  • -
  • 2004
  • 717,863
  • 795
  • -
  • 2003
  • 542,754
  • 934
  • 137,529
  • 2002
  • 204,841
  • 880
  • 82,094
  • 2001
  • 118,907
  • 1,417
  • 52,658
  • 2000
  • 56,365
  • 1,280
  • 21,756
  • 1999
  • 34,612
  • 2,099
  • 9,859
  • 1998
  • 41,871
  • 1,001
  • 3,734
  • 1997
  • 39,626
  • 1,058
  • 2,134
  • 1996
  • 31,268
  • 2,062
  • 2,573
  • 1995
  • 32,084
  • 3,428
  • 2,412
  • 1994
  • 29,580
  • 3,665
  • 2,340
  • 1993
  • 21,267
  • 2,282
  • 1,334
  • 1992
  • 14,463
  • 1,995
  • 773
  • 1991
  • 9,629
  • -
  • 406
  • 1990
  • 4,448
  • -
  • 252
  • 1989
  • 2,869
  • -
  • 132
  • 1988
  • 539
  • -
  • 6
  • Totals
  • 3,201,855
  • 24,464
  • 319,992

Column Definitions

  • Year - This column represents the calendar year, not fiscal year.

  • Mail messages processed - We continue to process all mail sent to us, but due to the increase in spam, viruses, and other unsolicited mail that we receive, we believe this statistic no longer provides meaningful information. As a result, we stopped providing the statistic at the end of 2006.

  • Hotline calls received - This statistic refers to the number of hotline calls we received per year. Given the variety of calls we receive on a wide range of computer security issues, it would be difficult to draw any type of conclusion based on this number, so 2006 marked the final year for this statistic.

  • Incident reports received - Given the widespread use of automated attack tools, attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks. Therefore, we stopped providing this statistic at the end of 2003.

Publications

  • 2004
  • 2
  • 2
  • -
  • -
  • 2003
  • 28
  • 4
  • -
  • 4
  • 2002
  • 37
  • 6
  • -
  • 4
  • 2001
  • 37
  • 15
  • -
  • 4
  • 2000
  • 22
  • 10
  • -
  • 4
  • 1999
  • 17
  • 8
  • -
  • 5
  • 1998
  • 13
  • 7
  • 13
  • 8
  • 1997
  • 28
  • -
  • 16
  • 6
  • 1996
  • 27
  • -
  • 20
  • 6
  • 1995
  • 18
  • -
  • 10
  • 3
  • 1994
  • 15
  • -
  • 2
  • -
  • 1993
  • 19
  • -
  • -
  • -
  • 1992
  • 21
  • -
  • -
  • -
  • 1991
  • 23
  • -
  • -
  • -
  • 1990
  • 12
  • -
  • -
  • -
  • 1989
  • 7
  • -
  • -
  • -
  • 1988
  • 1
  • -
  • -
  • -
  • Totals
  • 327
  • 52
  • 61
  • 44

Column Definitions

  • Year - This column represents the calendar year, not fiscal year.

  • Advisories published - CERT Advisories provided timely information about current security issues, vulnerabilities, and exploits. Beginning in 2004, CERT Advisories became a core component of US-CERT's Technical Cyber Security Alerts.

  • Incident Notes published - CERT Incident Notes provided information about incidents to the Internet community. Since 2004, this information has been incorporated into US-CERT's Technical Cyber Security Alerts and Current Activity.

  • Vendor Bulletins published - Vendor Bulletins were intended to facilitate the coordinated distribution of information written by vendors about security problems and solutions. The bulletins were discontinued in 1998.

  • Summaries published - CERT Summaries were published each quarter to draw attention to the types of attacks reported to our incident response team during the previous three months, as well as other noteworthy incident and vulnerability information. Summaries were discontinued at the end of 2003.

Last updated February 12, 2009