When criminals hack their way into the enterprise it is generally through a software vulnerability. Likewise when data is stolen from portals or Web sites, vulnerabilities are often to blame. Recent studies show that the problem is not getting better.
Vulnerability Trends Not All Bad, but Not All Good Either
While by no means as common a threat as malware, software vulnerabilities are still a significant threat for enterprises. It is these weaknesses in application and operating system code that allow hackers access to systems and data. Figure 1 shows a significant amount of vulnerability information including overall vulnerability count and severity. It also details the average window of exposure – the time difference between vulnerability discovery and commensurate patch release.