
Most of 2016's holes had fixes the day we knew about 'em. Did we patch? Did we @£$%

Code red on code-fix rates

By John Leyden, 13 Mar 2017

Patching rates went down in 2016 despite an increase in availability of security patches, according to a new study out today.

Last year Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors.

Even though a big majority (81 per cent) of all vulnerabilities had patches on the day of disclosure, there was a decrease in patching rates. This is a clear indicator that the software supply chain is broken, according to security researchers.

The rate of unpatched PDF readers is very high, according to Secunia. Three in four (75 per cent) of its private users ran unpatched versions of Adobe Reader in 2016, despite a plethora of available patches.

Other findings in the Vulnerability Review 2017 confirm trends from previous years: The number of zero-day vulnerabilities (22) was a bit lower than the 26 recorded in 2015.

The split between vulnerabilities in Microsoft and non-Microsoft products in the 50 most popular applications on private PCs is 22.5 per cent and 77.5 per cent respectively.

Last year 713 vulnerabilities were discovered in the five most popular browsers (Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari). That is a 27.5 per cent decrease from 2015. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing