Microsoft has released Volume 11 of its “Microsoft Security Intelligence Report”, or SIRv11, which provides “An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011”.
One interesting tidbit in the report is that, in the first half of 2011, less than one percent of exploits were against zero-day vulnerabilities, and 99 percent of all attacks during the same period distributed malware through familiar techniques like social engineering and unpatched vulnerabilities.
I encourage you to read it in its electronic format as it is 168 pages of eye-glazing information, and we wouldn’t want to kill a tree for it.
You can find the full report and further information at: http://www.microsoft.com/sir