More evidence that a new approach to security is required if users hope to stave off the threats caused by conventional browsers and PC vulnerabilities...
While the security community has a responsibility to act as a watchdog and report the vulnerabilities that are discovered, these alerts are increasingly becoming a handbook for even amateur hackers.
...online criminals have latched on in a big way to programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they apparently spent more time finding such holes themselves, but no longer find that as necessary.
In Web browsers — an area heavily targeted by hackers — hacking exploits were available within a day after flaws were discovered 94 percent of the time, up from 79 percent in 2007, IBM's report said.
For all PC vulnerabilities, over 80 percent of the exploit code was released the same day — or even before — the holes were publicly disclosed. That's up from 70 percent last year, according to the IBM study.
It would seem to me that a more private, well-vetted consortium of experts/companies should form a closed reporting system that prevents exploits (as much as possible) from becoming public until after they are addressed. It'll never fully stop the publication of "proof of concept" hacks, but a 'silent whistle' system that is endorsed by all involved could make a dent in the problem.
More importantly, it's clear that security can't be a 'reactive' system, patching exploits and issuing virus signatures in response to hackers. Instead, security should be an active solution that 'allows' the good rather than seeking to prevent the bad. SafeCentral is just one example of this new paradigm in security.