Experts have named the average time for fixing vulnerabilities in computer programs


In almost 44% of cases, software developers fix discovered security vulnerabilities in their products only after three months, because of slow software updates. According to the experts interviewed, this "digital stalling" is associated with the coronavirus pandemic.


In some cases, the error is not eliminated even after six months. One of the main reasons for this, according to experts, is the increased workload on local IT specialists, who are forced to work remotely because of the pandemic. Sometimes, they say, there are not enough resources even to resist hacker attacks.


According to the authors of the study, specialists from Orange Cyberdefense, 19% of errors were corrected within seven days of the notification being received, and another 10.1% within 8-30 days. In the interval from 31 to 90 days, 27.4% of vulnerabilities were closed. It took between 91 and 180 days to fix 29.2% of the problems, and 14.3% of errors were not fixed even after 180 days.


The study took into account 168 types of vulnerabilities that appeared over the past year in Common Vulnerabilities and Exposures (CVE), a database of commonly known vulnerabilities. The Orange Cyberdefense division in Russia noted that attackers regularly access data from CVE.


"In some cases, especially if there is already a ready-made exploit (a piece of program code or a sequence of commands that exploits vulnerabilities in software and is used for attacks. - Ed.), attackers start scanning company resources in search of a new vulnerability just a few hours after the news appears," said Ekaterina Kilyusheva, head of the information security (IS) analytics department at Positive Technologies.


At the same time, according to some experts, different problems require different solutions, and there is no set standard for how long it takes to fix vulnerabilities.
