Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, April 18, 2006

It takes too long to patch

The last few months have seen a number of companies being criticised for taking too long to release patches for critical vulnerabilities.  At the same time, response speed is becoming quicker, reducing the window of opportunity available to attackers.  The study shows that 19% of companies take more than a week to patch vulnerabilities, while 27% take at least two days.  Overall, nearly half of those questioned claimed their computer systems were never completely protected.  Another recent survey of consumer security showed that although 83% of users currently have an anti-virus product installed, 56% had not updated this software in the week before the survey was carried out.

Malicious users are also adapting and are exploiting security flaws quicker than ever before, paving the way to the appearance of so-called “zero-day” exploits: these appear virtually at the same time that the vulnerability is disclosed.

Posted on 04/18