86% of software vulnerabilities patched on day 1


By Dylan Bushell-Embling
Wednesday, 04 April, 2018

86% of software vulnerabilities patched on day 1

Software vulnerabilities more than doubled between 2012 and 2017, but vendors are doing a better job of patching the holes in a timely manner, with 86% of vulnerabilities having patches available on the day of disclosure.

These are among the key findings from Flexera’s latest Vulnerability Review. The annual report found that 19,954 vulnerabilities were documented in 2017, up 14% from 2016 and more than double the 9895 vulnerabilities recorded in 2012.

The results were based on Flexera’s monitoring of more than 55,000 applications, appliances and operating systems.

Flexera Director of Research and Security Kasper Lindgaard said the results show that companies are being exposed to an escalating number of security risks.

“There’s no question based on this year’s results, the risks remain high,” he said.

“As the potential for breaches expands, the pressure is on executives to increase vigilance through better operational processes — instead of reacting to risks that hit media headlines and cause disruption. The Equifax breach and WannaCry attacks taught us that.”

But only 14 of these reported vulnerabilities were zero-day — found by attackers and exploited before public disclosure — down from 23 in 2016. In addition, the proportion of vulnerabilities with patches available within 24 hours of public disclosure increased from 81% in 2016 to 86% last year.

“Organisations need to take advantage of this knowledge to remediate most vulnerabilities before risk of exploitation increases. But the process cannot be ad hoc,” Lindgaard said.

“Without a consistently applied patching methodology, organisations will slip, leaving vulnerabilities unpatched for long periods. This gives criminals a large window of opportunity to execute their attacks.  We advise a formal, automated software vulnerability management process that leverages intelligence to identify risks, prioritise their importance and resolve threats.”

Image credit: ©stock.adobe.com/au/ArtemSam

Follow us and share on Twitter and Facebook

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd