Linux Today: Linux News On Internet Time.

Most Extensive Real-World Vulnerability Research

Apr 23, 2009, 21:07

[ Thanks to An Anonymous Reader for this link. ]

"The Laws 2.0 reveals vulnerability half-life, prevalence, persistence and exploitation trends for five critical industry segments including Finance, Healthcare, Retail, Manufacturing and Services. These trends were drawn from a statistical analysis of more than 680 million vulnerabilities out of which 72 million vulnerabilities are critical, generated by 80 million scans during 2008.

"The Laws derived from this research are:

"1. Half-Life - The half-life of critical vulnerabilities remained at 30 days across all industries. Comparing individual industries, the Service industry has the shortest half-life of 21 days, Finance ranked second with 23 days, Retail ranked third with 24 days and Manufacturing ranked last with a vulnerability half-life of 51 days.

"2. Prevalence - Sixty percent of the most prevalent and critical vulnerabilities are being replaced by new vulnerabilities on an annual basis. This number has increased from the 2004 research where it was 50 percent. The top stragglers according to Laws 2.0 are MSFT Office, Windows 2003 SP2, Adobe Acrobat and Sun Java Plug-in."
