Vulnerability management: Not a patch on where we should be?
Document Type
Journal Article
Publication Title
Network Security
Publisher
Elsevier
School
School of Science / Security Research Institute
RAS ID
22830
Abstract
Effective vulnerability management, particularly in the context of end-user systems, is inextricably linked to the timely application of software updates and patches. Vulnerabilities continue to be discovered, even in established software, and so impose a continual demand for our attention. The most recent findings from Secunia indicate a 55% increase in the five-year trend, with an 18% increase on the previous year (with 15,435 vulnerabilities detected in the latter period).1 Many of these will have led to resultant updates, which must be applied if systems are to remain protected against exploitation. Many network breaches continue to occur because systems are running with known security vulnerabilities, which in turn highlights the importance of updating software. However, despite various moves to raise awareness and automate the process, many users (and indeed organisations) appear to leave themselves vulnerable as a result of lax maintenance practices. Steve Furnell examines evidence of these poor practices across both system and application software updates, as well as some of the factors that can lead to updates being delayed or ignored.
DOI
10.1016/S1353-4858(16)30036-8
Access Rights
subscription content
Comments
Furnell, S. (2016). Vulnerability management: not a patch on where we should be?. Network Security, 2016(4), 5-9. Available here