Long patch cycle for enterprises


Enterprises take 30 days to patch half of the vulnerable systems in their organizations, according to a study by vulnerability assessment firm Qualys.

A 30-day patching cycle is "significant exposure," Gerhard Eschelbeck, chief technology officer and vice president of engineering at Qualys, said in presenting the data at a panel held during last week's RSA Conference in San Francisco.

"We have to make every possible effort to make this cycle shorter," he said.

Eschelbeck said companies need to focus on the top 10 most critical vulnerabilities, but he noted that the list is not static.

"Fifty percent of the most prevalent and critical vulnerabilities are being replaced by new ones on an annual basis," he said. "This top 10 list is a shifting target."

In addition, old vulnerabilities, such as the one that led to the Code Red attack still linger. "Some vulnerabilities will never go away from the internet," Eschelbeck said.



Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.