Slashdot Mirror


Zero-Days Doubled In 2015, More Companies Hiding Breach Data, Says Symantec (csoonline.com)

Reader itwbennett writes: According to a new report by security firm Symantec, 54 zero-day vulnerabilities were discovered in 2015, more than twice as many as in 2014, and the number of breaches -- 10 million records -- also hit a record high. Driving this is a new professionalism in the market. "People figured out that they could make money by finding zero-day vulnerabilities and selling them to attackers," said Kevin Haley, director of security response at Symantec. "So there became a marketplace, and these things started to have value, and people started to hunt for them." At the same time, 2015 saw another disturbing trend: The number of companies choosing not to report the number of records they have lost rose by 85 percent (from 61 in 2014 to 113 in 2015). "More and more companies aren't actually revealing what was breached," said Haley. "They will say attackers came and stole from us, but not saying how many records were lost."

1 of 59 comments

  1. Time for compulsory disclosure by Gravis+Zero · Score: 4, Interesting

    It seems to be in the interest of the general good that companies be legally compelled to disclose when they have been breached as well as the extent of the breach. If nothing else, this will enhance the "Free Market" by driving people away from companies that are irresponsible.

    Therefore, I predict a number of marionettes-err-congress critters-err-politicians will be against this idea.

    --
    Anons need not reply. Questions end with a question mark.