Skip to Content
Uncategorized

Firms Patch Some Bugs Quicker Than Others

Vulnerabilities in core software are dealt with quickly, while other applications have to wait.
July 29, 2009

Companies give priority to patching core software, such as Microsoft’s Windows and Internet Explorer, according to the latest data from vulnerability-scanning firm Qualys.

The firm found that companies take about a month to patch half of all vulnerable systems–a data point the firm refers to as the “vulnerability half-life”–and only 15 days to patch half of their core Microsoft systems. Desktop applications, such as Microsoft Office and Adobe Reader, require far longer to patch, says Wolfgang Kandek, chief technology officer of Qualys. The firm released its Laws of Vulnerabilities study on Wednesday at the Black Hat Security Conference in Las Vegas. Companies are “very, very slow” at patching Adobe software on their desktop systems, Kandek says.

“With Word and Excel, you can see that someone is [patching] the software,” he says. “But with Adobe, they don’t seem to have focused on it yet.”

Qualys, whose service allows companies to scan for known vulnerabilities, released initial data on the trends in vulnerabilities and patching in April. The company found that manufacturing firms were the slowest to patch their systems, taking more than 50 days to patch half their computers, while financial and retail industries took less than 25 days.

The latest study gives more details about another trend: Companies are slow to patch popular, but non-Microsoft, software. Most applications have an automated update feature, or at least check for updates, but many companies do not allow their desktop systems to patch themselves.

“By managing the process themselves, it gives them a chance to check things (such as compatibility issues), but at the expense of being vulnerable,” Kandek says. Adobe expects to patch a major vulnerability in its Flash Player and Adobe Reader and Acrobat later this week.

“The main threats have migrated to the desktop, so it would be a good time to review how you [as a company] patch the desktop,” Kandek says.

Deep Dive

Uncategorized

Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.