On-demand risk and compliance software provider Qualys has launched a new piece of research which provides a neat if somewhat depressing snapshot into the attitude of organisations to patching known vulnerabilities.
The vendor analysed over 680 million vulnerabilities, 72 million of them critical, generated by around 80 million scans of its customers' systems last year.
According to the findings, the average time it takes for firms to patch just 50 per cent of the critical vulnerabilities they find has dropped a tiny amount from when similar research was done in 2004, to about 30 days.
Some industries are doing well - the service industry has the shortest recorded time of 21 days - while others are less good; manufacturing ranked last with 51 days, for example.
According to Qualys CTO Wolfgang Kandek, there is now consciousness about patching, which is an important step forward. He added that the figures may have appeared slightly disappointing because the vendor is now tracking more variants than in previous years, so there are in effect more vulnerabilities for customers to patch.
However, the danger now lies not with OS vulnerabilities, which he agreed most customers have got on top of, but with vulnerabilities in things like media players and other applications.
"The OS is OK but people are missing the other stuff," he warned. "Unfortunately, attackers are not at that level - they've got much better since 2004, with single or zero day threats now common."
Plenty of food for thought for CSOs at Infosecurity Europe this year then.