Laws 2.0 Declared

Today we declared at the RSA Conference the new Laws of Vulnerabilities 2.0 with focus on 5 critical industry segments. The findings are very interesting and the research shows that most industries are still slow in their patching and remediation efforts. Summary of the new Laws:

Half-Life–The half-life of critical vulnerabilities remained at 30 days across all industries. Comparing individual industries, the Service industry has the shortest half-life of 21 days, Finance ranked second with 23 days, Retail ranked third with 24 days and Manufacturing ranked last with a vulnerability half-life of 51 days.

Prevalence–Sixty percent of the most prevalent and critical vulnerabilities are being replaced by new vulnerabilities on an annual basis.

Persistence–The Laws 2.0 declared that the lifespan of most, if not all vulnerabilities is unlimited and a large percentage of vulnerabilities are never fully fixed.

Exploitation–Eighty percent of vulnerability exploits are now available within single digit days after the vulnerability’s public release.

Full findings are included in the PDF on the side.
Link to Press Release.