Threat Trends: Software Vulnerabilities
Thursday, 17 July 2008

Key Takeaways


Vulnerabilities aren't going away, but at least they're less severe. In general, the volume of vulnerabilities has undergone a slight increase over the last three years. The severity level of those vulnerabilities has shifted notably, however, as a far smaller percentage are now classed as high severity.


Vulnerability window of exposure is still too long. Even at its lowest point in the last three years, the average window of exposure was almost a month. Overall, that figure is much higher. To keep client enterprises secure, software vendors must focus more effort on reducing this period. However, this doesn't mean enterprises should ignore their patching responsibilities. Religious patching is still mandatory.


Web applications are a bigger problem than legacy software. For all the bad press that vendors take over the vulnerabilities in their software, the majority of problems exist in Web applications. Enterprises must work hard to secure their own Web apps and be cautious when accessing ones they don't own.


The browser security war is by no means won. Yet. Contrary to popular belief, Mozilla-based browsers cannot be considered the secure alternative to IE. If current trends hold, Microsoft's browser could well establish itself as the safest option, more so even than Apple's Safari.


External vulnerability scanning is the best way to assess the problem. The cost of an external vulnerability assessment is something that every enterprise should build into its annual operating budget. Tests of this kind point out exactly where the problems lie and what needs to be done to correct them.


Bottom Line


One of the most significant security problems enterprises face is software vulnerabilities, which often allow hackers direct system access. Though data from the last three years shows software vulnerabilities are not trending up, it shows they are not trending down either.


This article was originally published by Info-Tech Research Group. Copyright (c) 1998-2008 Info-Tech Research Group. All rights reserved. Reprinted by permission.


Info-Tech Research Group is a professional services firm dedicated to providing premium research and objective advice to IT managers of mid-sized enterprises. The firm's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. Its practical approach is designed to have a clear and measurable positive impact on your organization's bottom line. Info-Tech serves over 21,000 clients at 8,000 organizations around the world.



