“The majority of vulnerabilities remain unpatched by the enterprise a month after discovery, researchers have found. According to CA Veracode’s latest State of Software Security (SOSS) report, up to 70 percent of bugs remain unpatched four weeks after disclosure, and close to 55 percent are not resolved three months after discovery. Vulnerabilities impacting organization networks, apps, and infrastructure are not all equal, and part of responsible security practices require that IT staff triage issues to resolve and patch the bugs which are considered the most dangerous to that company. However, according to the cybersecurity firm, 25 percent of vulnerabilities which are attributed high-severity ratings are not addressed within 290 days, and a quarter of disclosed bugs which may not be so critical remain unpatched well after a year. In total, Veracode says that approximately one in four vulnerabilities are resolved within 21 days, but this still potentially leaves open a channel for successful cyberattacks.”
Source: Most enterprise vulnerabilities remain unpatched a month after discovery | ZDNet
