Internet security better but foul exploits grow, IBM says

23.03.2012

• Higher quality of software application code: Web-application vulnerabilities called cross-site scripting (XSS) are half as likely to exist in clients' software as they were four years ago, IBM stated. However, XSS vulnerabilities still appear in about 40% of the IBM scans.

• Fewer exploits: When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30% fewer exploits were released in 2011 than were seen on average over the past four years.

Of course there is a dark side. These are the new security problem trends IBM reported:

• Shell command injection vulnerabilities more than doubled: For years, SQL injection attacks against Web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities -- the number of SQL injection vulnerabilities in publicly maintained Web applications dropped by 46% in 2011 -- some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a Web server. Shell command injection attacks rose by two to three times over the course of 2011.

• Automated password guessing: Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attackers scan the Internet for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers in the latter half of 2011.
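As an added illustration of the SSH password-guessing activity described above (example code written for this note, not from IBM's report), here is a small detector that reads sshd "Failed password" lines and flags any source address exceeding a threshold of failures within a sliding time window. The log lines, the year, and the threshold values are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines in syslog format (syslog omits the year, so it is assumed below).
SAMPLE_LOG = """\
Nov 14 03:12:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Nov 14 03:12:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Nov 14 03:12:04 web1 sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
Nov 14 03:12:06 web1 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51028 ssh2
Nov 14 03:12:08 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51030 ssh2
Nov 14 03:15:40 web1 sshd[2250]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Nov 14 03:15:52 web1 sshd[2252]: Accepted password for alice from 198.51.100.9 port 40012 ssh2
Nov 14 09:30:00 web1 sshd[3100]: Failed password for root from 203.0.113.7 port 52000 ssh2
"""

# Matches OpenSSH's failed-password message; "invalid user" appears when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text, year=2011):
    """Yield (timestamp, source_ip, username) for every failed-password line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def detect_password_guessing(log_text, threshold=5, window_seconds=60):
    """Return {ip: (first_timestamp_in_window, sorted_usernames_tried)} for each
    source that reaches `threshold` failures inside any `window_seconds` window.
    Each per-IP deque holds only timestamps still inside the window, so memory
    stays bounded even on long logs; a single typo by a legitimate user never
    reaches the threshold, while a scanner cycling through accounts does."""
    recent = defaultdict(deque)
    users = defaultdict(set)
    flagged = {}
    for ts, ip, user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = (q[0], sorted(users[ip]))
    return flagged

if __name__ == "__main__":
    for ip, (since, tried) in detect_password_guessing(SAMPLE_LOG).items():
        print(f"{ip}: password guessing since {since:%H:%M:%S}, accounts tried: {tried}")
```

In production the same logic would feed a blocklist or a SIEM alert; the window and threshold should be tuned to the site's normal failed-login rate.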