CERT Coordination Center
HomeSite IndexSearchContactFrequently Asked Questions
Vulnerabilities, Incidents & FixesSecurity Practices and EvaluationsSurvivability Research and AnalysisTraining and Education
Options

 Vulnerabilities, Incidents & Fixes

Security Practices & Evaluations

Survivability Research & Analysis

Training & Education

 Related
CERT Contact Information

CERT Statistics

Meet the CERT/CC

CERT/CC Overview and Intruder Trends

CERT Annual Reports

Publications by CERT/CC Staff

Presentations by CERT/CC Staff

Press Releases

Employment Opportunities

Other Sources of Security Information

 Messages
comments & questions
webmaster
@cert.org.

Related Sites
Link to US-CERT

CERT/CC Statistics 1988-2004

The CERT/CC publishes statistics for

Vulnerabilities reported

 1995-1999
Year 1995 1996 1997 1998 1999
Vulnerabilities 171 345 311 262 417

2000-2004
Year 2000 2001 2002 2003 1Q-3Q 2004
Vulnerabilities 1,090 2,437 4,129 3,784 2,683

Total vulnerabilities reported (1995-3Q 2004): 15,629


Vulnerability notes published

1998-1999
Year 1998 1999
Vulnerability Notes 8 3

2000-2004
Year 2000 2001 2002 2003 1Q-3Q 2004
Vulnerability Notes 47 326 375 255 266

Total vulnerability notes published (1998-3Q 2004): 1,280


National Cyber Alert System documents published

(published on www.us-cert.gov)

2004
Year 1Q-3Q 2004
Technical Cyber Security Alerts 22
Cyber Security Alerts 14
Cyber Security Tips 18
Cyber Security Bulletins 21
Totals 75

Total National Cyber Alert System documents published (1Q-3Q 2004): 75


Security alerts published

Note: Information previously published in CERT advisories, incident notes, and summaries is now incorporated into National Cyber Alert System documents.

1988-1989
Year 1988 1989
Advisories 1 7
Totals 1 7

1990-1999
Year 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999
Advisories 12 23 21 19 15 18 27 28 13 17
Incident Notes                 7 8
Vendor Bulletins         2 10 20 16 13  
Summaries           3 6 6 8 5
Totals 12 23 21 19 17 31 53 50 41 30

2000-2004
Year 2000 2001 2002 2003 1Q 2004
Advisories 22 37 37 28 2
Incident Notes 10 15 6 4 2
Summaries 4 4 4 4  
Totals 36 56 47 36 4

Total security alerts published (1988-1Q 2004): 484


Mail messages handled

1988-1989
Year 1988 1989
Mail 539 2,869

1990-1999
Year 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999*
Mail 4,448 9,629 14,463 21,267 29,580 32,084 31,268 39,626 41,871 34,612

2000-2004
Year 2000 2001 2002 2003 1Q-3Q 2004
Mail 56,365 118,907 204,841 542,754 552,320

Total mail messages handled (1988-3Q 2004): 1,737,443


Hotline calls received

1992-1999
Year 1992 1993 1994 1995 1996 1997 1998 1999
Calls 1,995 2,282 3,665 3,428 2,062 1,058 1,001 2,099

2000-2004
Year 2000 2001 2002 2003 1Q-3Q 2004
Calls 1,280+ 1,417+ 880+ 934+ 650+

Total hotline calls received (1992-3Q 2004): 23,479+


Incidents reported

Note: Given the widespread use of automated attack tools, attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks. Therefore, as of 2004, we will no longer publish the number of incidents reported. Instead, we will be working with others in the community to develop and report on more meaningful metrics, such as the 2004 E-Crime Watch Survey. We welcome ideas and proposals for other collaborations in this area.

1988-1989
Year 1988 1989
Incidents 6 132

1990-1999
Year 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999
Incidents 252 406 773 1,334 2,340 2,412 2,573 2,134 3,734 9,859

2000-2003
Year 2000 2001 2002 2003
Incidents 21,756 52,658 82,094 137,529

Total incidents reported (1988-2003): 319,992

An incident may involve one site or hundreds (or even thousands) of sites. Also, some incidents may involve ongoing activity for long periods of time.


CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark office.
Copyright 2004 Carnegie Mellon University.

Disclaimers and copyright information.

Last updated October 19, 2004