Security Basics mailing list archives

Companies slowest to fix Office, Acrobat flaws


From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 5 May 2009 13:24:25 -0400

http://www.securityfocus.com/brief/954

In a report published at last week's RSA Security Conference, the firm
released the results of the approximately 80 million vulnerability
scans it conducted for its customers in 2008. During the scans, Qualys
detected 680 million vulnerabilities, of which about 11 percent were
considered critical.

Depending on the industry, companies typically patched their systems
at different speeds. The service industry appeared to fix issues the
fastest, with 50 percent of all systems patched in the three weeks
following the release of a fix for a particular flaw. The financial
and retail sectors lagged slightly behind, with an average
vulnerability half-life, in which half of systems are patched, of 23
and 24 days, respectively. Manufacturing companies took much longer to
patch — with a 51-day half-life — while healthcare companies split the
difference with a 38-day half-life.

The average of all companies, 29.5 days, was only slightly better than
a previous study performed by Qualys in 2003, finding a median patch
time of 30 days. Yet, the company said that attackers were producing
exploits much faster, with 80 percent of exploits appearing on the
Internet within 10 days, according to the firm.

...
