"The Laws 2.0 reveals vulnerability half-life,
prevalence, persistence and exploitation trends for five critical
industry segments including Finance, Healthcare, Retail,
Manufacturing and Services. These trends were drawn from a
statistical analysis of more than 680 million vulnerabilities out
of which 72 million vulnerabilities are critical, generated by 80
million scans during 2008.
"The Laws derived from this research are:
"1. Half-Life - The half-life of critical vulnerabilities
remained at 30 days across all industries. Comparing individual
industries, the Service industry has the shortest half-life of 21
days, Finance ranked second with 23 days, Retail ranked third with
24 days and Manufacturing ranked last with a vulnerability
half-life of 51 days.
"2. Prevalence - Sixty percent of the most prevalent and
critical vulnerabilities are being replaced by new vulnerabilities
on an annual basis. This number has increased from the 2004
research where it was 50 percent. The top stragglers according to
Laws 2.0 are MSFT Office, Windows 2003 SP2, Adobe Acrobat and Sun
Java Plug-in."