Vulnerability management: Not a patch on where we should be?
School of Science/ECU Security Research Institute
Effective vulnerability management, particularly in the context of end-user systems, is inextricably linked to the timely application of software updates and patches. Vulnerabilities continue to be discovered, even in established software, and so impose a continual demand for our attention. The most recent findings from Secunia indicate a 55% increase in the five-year trend, with an 18% increase on the previous year (with 15,435 vulnerabilities detected in the latter period) [1]. Many of these will have led to updates, which must be applied if systems are to remain protected against exploitation. Many network breaches continue to occur because systems are running with known security vulnerabilities, which in turn highlights the importance of updating software. However, despite various moves to raise awareness and automate the process, many users (and indeed organisations) appear to leave themselves vulnerable as a result of lax maintenance practices. Steve Furnell examines evidence of these poor practices across both system and application software updates, as well as some of the factors that can lead to updates being delayed or ignored.