Thursday, May 3, 2012

Summary of my vulnerability report during March, 2012


I summarized the number of web application vulnerabilities that I reported during March, 2012.
  • Reported and fixed: 11 vulnerabilities
  • Reported but not fixed yet: 6 vulnerabilities
  • Not reported yet: 4 vulnerabilities
This is the correlation with the Alexa rank of the website.
  • Reported and fixed
    • Rank 1 ~ 1,000: 1 vulnerability
    • Rank 1,001 ~ 10,000: 6 vulnerabilities
    • Rank 10,001 ~ 100,000: 1 vulnerability
    • Rank 100,001 ~ : 3 vulnerabilities
  • Reported, but not fixed yet
    • Rank 1,001 ~ 10,000: 1 vulnerability
    • Rank 10,001 ~ 100,000: 2 vulnerabilities
    • Rank 100,001 ~ : 3 vulnerabilities
  • Not reported yet
    • Rank 1 ~ 1,000: 1 vulnerability
    • Rank 1,001 ~ 10,000: 1 vulnerability
    • Rank 10,001 ~ 100,000: 2 vulnerabilities
    • Rank 100,001 ~ : 1 vulnerability
In the "Reported and fixed" category, this is the time between when I reported the vulnerability and when it got fixed.
  • 1 day: 3 vulnerabilities
  • 1 week: 7 vulnerabilities
  • 1 month: 1 vulnerability