Even though two out of every three machines are vulnerable to one or more critical vulnerabilities, enterprises are managing to patch faster than ever, a researcher said on the eve of his keynote speech at a security conference.
The “half-life” of vulnerabilities — the amount of time it takes companies to patch half of their systems against a newly-disclosed bug — continues to drop, said Gerhard Eschelbeck, the chief technology officer of Qualys and the creator of his self-titled “Laws of Vulnerabilities.” Eschelbeck based his research on statistical analysis of 21 million critical vulnerabilities, and 32 million network scans conducted over a three-year period.
Companies have made dramatic progress in patching internal computers, too; the half-life of these computers was cut by 23 percent in the last year, said Eschelbeck, down from 62 in 2004.