Study: Bad security flaws don't die

Thursday, 31 July 2003, 6:33 PM EST

The data--released Wednesday at the Black Hat Briefings security Conference here--also showed that some flaws don't completely die out over time but actually make a comeback. The vulnerabilities exploited by the Code Red and SQL Slammer worms, for example, are allowing those threats to reassert themselves on the Internet, said Gerhard Eschelbeck, chief technology officer for vulnerability-assessment company Qualys.

"There is something going on that is bringing vulnerabilities back to life," Eschelbeck said, adding that the main theory is that companies continue to install systems that include out-of-date software.

The study, which correlates nearly 1.5 million scans done by Qualys over a year and a half, underscores the need for customers to be more proactive about patching systems and for software makers to weed out vulnerabilities during development.

The more serious the vulnerability, the quicker the companies patched it, the study found. Companies took longer to fix flaws thought to be less serious--as much as 60 days longer--by which time, in 80 percent of the cases, security researchers and hackers had released programs to exploit the flaws.

[ Read more ]


The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 1st