Patch rates decreasing as organizations struggle to keep up
- Published: Tuesday, 14 March 2017 09:09
Secunia Research at Flexera Software has published its ‘Vulnerability Review 2017’ report. This presents global data on the prevalence of vulnerabilities and the availability of patches and maps the security vulnerability threat to IT infrastructures.
In 2016, Secunia Research recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. The breadth of the problem illustrates the challenge faced by IT teams trying to protect their environment against security breaches without the necessary automation. For organizations to stay on top of their environments, IT teams must have complete visibility of the applications that are in use, and firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed.
The good news is that patches continue to be available for the vast majority of vulnerabilities at the time they become public. In 2016, 81 percent of all vulnerabilities and 92.5 percent of applications in the Top 50 Software Portfolio that were impacted by vulnerabilities, had patches for those vulnerabilities on the day of disclosure. However, with an increase in available patches has come a decrease in patch rates.
Other key findings include:
- In 2016, Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors.
- 81 percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.
- 22 zero-day vulnerabilities were discovered in total in 2016, a decrease of 4 compared to the year before.
- 18 percent of the 3,416 advisories released in 2016 were rated as ‘Highly Critical’, and 0.5 percent as ‘Extremely Critical’.
- In 2016, 713 vulnerabilities were discovered in the five most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari. That is a 27.5 percent decrease from 2015.
- In 2016, 289 vulnerabilities were discovered in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.
Obtain the report (registration required).