Security Basics mailing list archives
Companies slowest to fix Office, Acrobat flaws
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 5 May 2009 13:24:25 -0400
http://www.securityfocus.com/brief/954 In a report published at last week's RSA Security Conference, the firm released the results of the approximately 80 million vulnerability scans it conducted for its customers in 2008. During the scans, Qualys detected 680 million vulnerabilities, of which about 11 percent were considered critical. Depending on the industry, companies typically patched their systems at different speeds. The service industry appeared to fix issues the fastest, with 50 percent of all systems patched in the three weeks following the release of a fix for a particular flaw. The financial and retail sectors lagged slightly behind, with an average vulnerability half-life, in which half of systems are patched, of 23 and 24 days, respectively. Manufacturing companies took much longer to patch — with a 51-day half-life — while healthcare companies split the difference with a 38-day half-life. The average of all companies, 29.5 days, was only slightly better than a previous study performed by Qualys in 2003, finding a median patch time of 30 days. Yet, the company said that attackers were producing exploits much faster, with 80 percent of exploits appearing on the Internet within 10 days, according to the firm. ... ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Companies slowest to fix Office, Acrobat flaws Jeffrey Walton (May 05)