CyberNews Briefs

25% of software vulnerabilities remain unpatched for more than a year

While it may seem logical that larger organizations are better at handling patch management than small firms with limited resources, new research by Kenna Security and the Cyentia Institute shows that the opposite is true. The report also highlights the poor state of patch management in general.

On average, organizations take 26 days to patch 25% of the security vulnerabilities affecting their systems, while after 100 days, or over 3 months, only half of the flaws are fixed. Even more shocking is that on average, 25% of security flaws are still not patched after 392 days, which is around 13 months. Smaller organizations tend to patch faster, which according to the report has to do with “the compounding difficulty of managing larger IT environments.”

OODA Analyst