Infosec: Companies dragging their feet with patches

Healthcare companies and the manufacturing industry the worst

By Jeremy Kirk | IDG News Service | Published 14:59, 29 April 09

Also in this channel

PCs 'still at risk' from ConfickerOne in five still unpatched >>
Adobe warns hackers are exploiting Flash zero-day vulnerabilityFlash and Reader patch due next week >>
Adobe patches are being ignoredCompanies not keeping up to date >>
Have you applied these patches?Don't start the new year without applying the five essential fixes of 2009 >>
Six ways to protect against the new actively exploited Java vulnerabilitySecurity researchers proposed several methods to protect computers from being compromised via a new Java vulnerability >>
Are you ready for targeted attacks on document shell code? Not affected yet? Don’t be complacent warn security researchers >>

BlackBerry 10

Check out our latest articles about BlackBerry's new mobile OS BlackBerry 10.

Companies are hardly patching vulnerabilities any more quickly than they were five years ago, according to a new study.

Some 680 million vulnerabilities were found in 2008, with 72 million constituting critical ones, said Wolfgang Kandek, chief technology officer at Qualys, the security supplier that conducted the research. This meant the software problem could allow a hacker to take control of a computer remotely and install malicious software.

The figures have barely changed since Qualys released its last study in 2004. Then, it took an average of 30 days to hit the half-patched mark. For 2008, that figure has only marginally improved to 29.5 days, Kandek said.

The latest data was collected throughout 2008, after Qualys scanned 80 million IP addresses using 200 scanners that looked at Internet-facing PCs and 5,000 internal scanners behind firewalls on company intranets.

Qualys has created its own measurement, called "half life", for how quickly companies patch. The measurement is the number of days it takes a companies in a certain industry to patch half of the vulnerabilities that have been publicly released.

"The patch cycle hasn't really accelerated," Kandek said during the InfoSecurity conference in London.

Slideshows: RSA 2013: Six security startups

Also in slideshows :

Access Computerworld on your mobile

Get the latest news & updates from Computerworld UK on the move. Find out more

BlackBerry 10

Check out our latest articles about BlackBerry's new mobile OS BlackBerry 10.

Virtualising the heart of your business

Explore ways to meet the requirements of today's cloud computing and Big Data challenges.

Cloud storage

Check out our latest articles about cloud storage on Computerworld UK.

How to hack an iPad

Prevent access with a four-digit PIN code or beware - your device can be hacked!

How to secure your files in the cloud with Dropbox

Simple tips to stop online attackers seeing your data

15 free security tools you should try

Here are some of the best-known free security tools you can try inside your own network

Bamital click-fraud botnet taken out by Microsoft and Symantec

Botnet infected up to 8 million computers in two years, the companies said

Cyber confusion at the heart of Government

Shadow Cabinet Office Minister Chi Onwurah calls for action from the government to tackle cyber crime

A simple guide to vulnerability management tools

How to cut down enterprise risk

10 security industry All-Stars

From Bruce Schneier to Moxie Marlinspike, these folks are the ones to isten to for security insight

Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data

US firm complacent about serious breaches, Bloomberg alleges

U.S. gets flood of H-1B petitions on first day

Sky customers furious after troubled email migration from Gmail to Yahoo!

Universal Credit in the spotlight again as pilot timetable changes

Blogs

Bringing big data to fraud management

A common theme during the recent SAS and FICO user conferences was how to use Big Data to make fraud decisions faster, more accurately and without impacting the customers in any negative way. Big Data is basically about 3Vs: Volume,...read more »

Samsung Galaxy S4: Why it is important for fraud management professionals

Well, we just saw Samsung launch its latest ubergizmo with tons of interesting features, like pause video playback at the blink of the eye. However, there is an important hardware feature of the Samsung Galaxy S4 to note here: finally...read more »

Collaborate with your non-security peers to see how objectives intersect

“Enterprise rights management? What does that even mean?! You’re using security speak!” exclaimed my colleague TJ Keitt. TJ sits on a research team serving CIOs, and covers collaboration software. We were having a discussion around collaboration software and data security...read more »

Observations on the 2013 Verizon Data Breach Investigations Report

I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.) I have found the report to be valuable year after year. This is the 6th iteration and this year’s report includes...read more »

more blogs ..

Rimini Street gets another £10m to keep piling the pressure on SAP and Oracle

IT Business >>

Blue Coat Systems to acquire security analytics firm Solera Networks

Security >>

Salesforce.com aims its customer service, social monitoring apps at governments

Applications >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register

Infosec: Companies dragging their feet with patches

Healthcare companies and the manufacturing industry the worst

Slideshows: RSA 2013: Six security startups

Access Computerworld on your mobile

BlackBerry 10

Virtualising the heart of your business

Cloud storage

Most Popular in Security

How to hack an iPad

How to secure your files in the cloud with Dropbox

15 free security tools you should try

Bamital click-fraud botnet taken out by Microsoft and Symantec

Cyber confusion at the heart of Government

A simple guide to vulnerability management tools

10 security industry All-Stars

Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data

Editor's Pick

U.S. gets flood of H-1B petitions on first day

Sky customers furious after troubled email migration from Gmail to Yahoo!

Universal Credit in the spotlight again as pilot timetable changes

Blogs

Bringing big data to fraud management

Samsung Galaxy S4: Why it is important for fraud management professionals

Collaborate with your non-security peers to see how objectives intersect

Observations on the 2013 Verizon Data Breach Investigations Report

Rimini Street gets another £10m to keep piling the pressure on SAP and Oracle

Blue Coat Systems to acquire security analytics firm Solera Networks

Salesforce.com aims its customer service, social monitoring apps at governments

Apple to build Macs in low-tax Texas

Aviva adopts cloud-based financial forecasting

Google to boost speed, cut data use on mobile devices

Login

Not a member yet?

Sponsored Links »

Popular Topics »