Much ado about patching
Vulnerability assessment firm Qualys supported the statements, made during a panel discussion at the RSA Security Conference, with data culled from monitoring its clients' networks. The data, collected over two years, shows that it takes a month to cut by half the number of vulnerable computers connected to the Internet.
That's far too long to wait to fix the worst security flaws, said Gerhard Eschelbeck, chief technology officer and vice president of engineering for Qualys.
"What the data is telling us today is that we have a cycle of fixing vulnerabilities...that leaves up open to significant exposure," he said. "We need to make every possible effort to shorten the cycle."
[ Read more ]
- Article: HNS Coverage from the RSA Conference 2004 USA (24 February 2004)