|
|
CERT Statistics (Historical)
Over the years, we have published a variety of statistics related
to the work performed in different areas of our program. Although we
are no longer collecting and publishing these statistics, they may
have value for research purposes. Each set of statistics has a
related section that provides an explanation for what each column
represents.
Cataloged vulnerabilities | Publications about vulnerabilities | Communications | Publications
- Year - This column
represents the calendar year, not fiscal year.
- Total vulnerabilities
cataloged - This column reflects the total number of
vulnerabilities that we have cataloged based on reports from public
sources and those submitted to us directly. Storing the information in
our database allows our analysts to systematically record
vulnerability data; helps provide insight into significant
preconditions, impacts, and scope; and gives us a way to validate
reports and recognize new classes of vulnerabilities.
- From direct
reports - This column reflects the total number of
vulnerabilities we have cataloged based on vulnerabilities reported
directly to us. We encourage people to report vulnerabilities so we
can coordinate with affected vendors to resolve vulnerabilities while
minimizing the risk to all stakeholders. To determine an approximate
number of vulnerabilities from public sources, subtract the number of
direct reports from the total vulnerabilities cataloged. The actual
number may differ slightly because occasionally, vulnerabilities are
reported directly to us and disclosed to the public at the same
time.
- Year - This column
represents the calendar year, not fiscal year.
- Vulnerability
Notes published - This column reflects the number of Vulnerability Notes we have
published. These documents provide technical information and solutions
to vulnerabilities that we have analyzed. Although we cannot publish
information about every vulnerability, we make a concerted effort to
publish information about the most critical and significant
vulnerabilities. As of 2004, we publish these documents on behalf of
US-CERT.
- Technical
Security Alerts published - This column reflects the number
of Technical Security
Alerts we have published in conjunction with US-CERT. These
documents provide timely information about current security issues,
vulnerabilities, and exploits.
- Security Alerts
published - This column reflects the number of Security Alerts we have
published in conjunction with US-CERT. These documents provide timely
information about current security issues, vulnerabilities, and
exploits. They outline the steps and actions that non-technical home
and corporate computer users can take to protect themselves from
attack.
- 2001
- 118,907
- 1,417
- 52,658
- Totals
- 3,201,855
- 24,464
- 319,992
- Year - This column
represents the calendar year, not fiscal year.
- Mail messages
processed - We continue to process all mail sent to us, but
due to the increase in spam, viruses, and other unsolicited mail that
we receive, we believe this statistic no longer provides meaningful
information. As a result, we stopped providing the statistic at the
end of 2006.
- Hotline calls
received - This statistic refers to the number of hotline
calls we received per year. Given the variety of calls we receive on a
wide range of computer security issues, it would be difficult to draw
any type of conclusion based on this number, so 2006 marked the final
year for this statistic.
- Incident reports
received - Given the widespread use of automated attack
tools, attacks against Internet-connected systems have become so
commonplace that counts of the number of incidents reported provide
little information with regard to assessing the scope and impact of
attacks. Therefore, we stopped providing this statistic at the end of
2003.
- Year - This column
represents the calendar year, not fiscal year.
- Advisories
published - CERT Advisories
provided timely information about current security issues,
vulnerabilities, and exploits. Beginning in 2004, CERT
Advisories became a core component of US-CERT's Technical
Cyber Security Alerts.
- Incident
Notes published - CERT Incident
Notes provided information about incidents to the Internet
community. Since 2004, this information has been incorporated into
US-CERT's Technical
Cyber Security Alerts and Current Activity.
- Vendor
Bulletins published - Vendor Bulletins were intended to
facilitate the coordinated distribution of information written by
vendors about security problems and solutions. The bulletins were
discontinued in 1998.
- Summaries
published - CERT Summaries were published each quarter to
draw attention to the types of attacks reported to our incident
response team during the previous three months, as well as other
noteworthy incident and vulnerability information. Summaries were
discontinued at the end of 2003.
Last updated February 12, 2009
|