More bugs are being squashed by the enterprise, but the time it takes to do so leaves organizations at risk.
The majority of vulnerabilities remain unpatched by the enterprise a month after discovery, researchers have found.
According to CA Veracode's latest State of Software Security (SOSS) report, up to 70 percent of bugs remain unpatched four weeks after disclosure, and close to 55 percent are not resolved three months after discovery.
Vulnerabilities impacting an organization's networks, apps, and infrastructure are not all equal, and part of responsible security practice requires that IT staff triage issues to resolve and patch the bugs which are considered the most dangerous to that company.
However, according to the cybersecurity firm, 25 percent of vulnerabilities which are assigned high-severity ratings are not addressed within 290 days, and a quarter of disclosed bugs which may not be so critical remain unpatched well after a year.
...