Vulnerability Management: Why the Problem Can't Be Solved

86 Percent of Bugs Patchable Within 24 Hours, Says Flexera's Alejandro Lavie
Alejandro Lavie, director, security strategy, Flexera

Organizations that use unpatched software face a race against the clock, with attackers regularly beginning to hammer new vulnerabilities just hours after new fixes or security alerts get released to the public.

"There is a massive amount of vulnerabilities that customers have to deal with on an ongoing basis. Not everything is lost, though," says Alejandro Lavie, director of security strategy at Flexera, who references findings from his company's latest Vulnerability Review.

"There's a good piece of information there: 86 percent of the vulnerabilities have a patch available within 24 hours of their disclosure," he adds. "That means there's hope for those that are trying to do patch management quickly on those vulnerabilities."

Keeping track of new fixes, however, is no easy effort. Flexera's Secunia Research team found that the number of documented, unique vulnerabilities in software increased by 14 percent last year - from 17,147 in 2016 to 19,954 in 2017 - across about 2,000 products from 200 vendors. In addition, more than 52 percent of all vulnerabilities counted in 2017 were found outside Microsoft, Adobe, Java, or Google Chrome and Mozilla Firefox browsers.

In a video interview at RSA Conference 2018, Lavie discusses:

  • Highlights from Flexera's latest Vulnerability Review report;
  • Why patch management isn't a problem that can be solved;
  • Why so many large organizations are so far behind the patch management curve;
  • Recommendations for organizations to get a better handle on patch management.

Lavie is director of security strategy at Flexera. He's previously held positions at Secunia - acquired by Flexera in 2015 - as well as at Covisint, CA Technologies, AfterIdeas and MPR de Venezuela.


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.



