Patching times improved in 2013 as vulnerability battle goes on
TechWorld - Software vendors have improved their response to security flaws in the last 12 months but some still take too long to patch the highest-risk vulnerabilities, figures from Swiss testing firm High-Tech Bridge have suggested.
Comparing 2012 to last year, the firm found that critical flaws were now being patched in 11 days (up from 17), while medium and low-risk flaws were now being fixed in 13 and 25 days respectively (as against 29 days and 48 days).
This means that the average time to patch has fallen across categories from 27 days to 18 days, a 33 percent improvement.
These statistics are based on the 62 security advisories released by High-Tech Bridge through its ImmuniWeb SaaS testing service, covering 162 vulnerabilities, so the reported improvement is indicative rather than definitive.
+ ALSO ON NETWORK WORLD Top tools for application performance monitoring +
More than half of the flaws in web apps were cross-site scripting (CSS) issues, with SQL injection in second place on 20 percent. Mature products tend to have less of these issues, the firm said, suffering more from cross-site request forgery and user-identity spoofing.
The most flaw-prone web applications during 2013 were content management and publishing systems, with in-house applications accounting for 40 percent of XSS and CSS flaws uncovered by High-Tech Bridge during penetration testing. Plugins made up another 30 percent of issues, and small CMS systems 25 percent. The largest systems such as WordPress and Joomla - whose vulnerabilities will cause the most serious problems because of their popularity - made up the final five percent.
High-Tech Bridge CEO, Ilia Kolochenko, argued that 11 days was still too long to patch serious flaws but did note:
"General awareness within vendors about the importance of application security is growing, with vendors finally taking security seriously. In the past, even well-known vendors postponed security-related fixes in favour of releasing new versions of their software with new functionality and unpatched vulnerabilities.
Is 11 days fast enough? Probably not. As patching times improve so do exploit times, holding the industry in a struggle to close a window that always seems remain wedged open. Even when flaws are patched that doesn't mean they are applied quickly, or in some cases, at all.
View post:
Patching times improved in 2013 as vulnerability battle goes on
- Joomla 1.5 - Upload An Image To Media Manager - Video - March 11th, 2014 [March 11th, 2014]
- Curso Joomla! 3.2 Bootstrap and Blank Template (parte 4) - Video - March 11th, 2014 [March 11th, 2014]
- How to Install Joomla 2.5 Manually or Browser Installation - Video - March 11th, 2014 [March 11th, 2014]
- Joomla Tutorial: 012 Create Survey's and Polls - Video - March 11th, 2014 [March 11th, 2014]
- Joomla Tutrial: 008 Make Web Pages Show up in Joomla - Video - March 11th, 2014 [March 11th, 2014]
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws - March 11th, 2014 [March 11th, 2014]
- Joomla receives patches for zero-day SQL injection vulnerability - March 11th, 2014 [March 11th, 2014]
- 9.- Webmastertool y extensiones joomla - Video - March 10th, 2014 [March 10th, 2014]
- Responsive Music Player With Playlist Joomla Module - Video - March 10th, 2014 [March 10th, 2014]
- js jobs joomla 3.0 - Video - March 10th, 2014 [March 10th, 2014]
- Joomla Virtuemart new 2 version Stock Products category Placing How To place products Virtuemart - Video - March 10th, 2014 [March 10th, 2014]
- How To Upload Shell in Joomla! Site - Video - March 10th, 2014 [March 10th, 2014]
- Best Parallax Joomla Template 2014 - Video - March 10th, 2014 [March 10th, 2014]
- Video tutorial how to increase search charaters in joomla 2 5 - Video - March 10th, 2014 [March 10th, 2014]
- T-Download Store Overview - Video - March 10th, 2014 [March 10th, 2014]
- Demo of Joomla Platform mobilefriendly app 405 - Video - March 9th, 2014 [March 9th, 2014]
- Pastor 2 - Video - March 9th, 2014 [March 9th, 2014]
- Joomla Marketing - Video - March 9th, 2014 [March 9th, 2014]
- Joomla 3.x. How to manage Komento component integrations - Video - March 8th, 2014 [March 8th, 2014]
- 1.- Introduccin curso joomla 3x - Video - March 8th, 2014 [March 8th, 2014]
- Curso de Joomla! 3.2 - Template Blank e Bootstrap (parte 1) - Video - March 8th, 2014 [March 8th, 2014]
- T3 Framework - Admin area overview - General settings - Video - March 8th, 2014 [March 8th, 2014]
- Curso de Joomla! 3.2 - Bootstrap e Blank Template (parte 3) - Video - March 8th, 2014 [March 8th, 2014]
- Joomla! Resource Directory Unveiled at JoomlaDay Boston 2014 - March 8th, 2014 [March 8th, 2014]
- Stock Photo OG-RAC-2012: Joomla - Video - March 6th, 2014 [March 6th, 2014]
- Template Joomla! - Vida Yootheme Slideshow, Menu e Sidebar - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte3) - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 5) - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 6) - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - Vdeo-tutorial Template Blank (parte 7) - Video - March 6th, 2014 [March 6th, 2014]
- Sql Joomla By Root Devil - Video - March 6th, 2014 [March 6th, 2014]
- How to Recover your Username and Password in Joomla 3 - Video - March 6th, 2014 [March 6th, 2014]
- Preview Fashion Design School Joomla Template TMT - Video - March 6th, 2014 [March 6th, 2014]
- How To Blog With Joomla - March 5 Joomla Detroit Meetup - Video - March 6th, 2014 [March 6th, 2014]
- Joomla extension tutorial - JA Extension Manager Component - Video - March 5th, 2014 [March 5th, 2014]
- The Best Free Responsive Joomla template ever - Purity III - Video - March 5th, 2014 [March 5th, 2014]
- Not a drop in the bucket: More than 1 million websites now use Drupal - March 5th, 2014 [March 5th, 2014]
- Joomla 2.5 - Configuracin global - Video - March 4th, 2014 [March 4th, 2014]
- Setting External Links in Joomla 3 using JCE - Video - March 4th, 2014 [March 4th, 2014]
- joomla 3.2 video tutorials for beginners, joomla 3.2 video tutorials step by step, - Video - March 4th, 2014 [March 4th, 2014]
- The New CMS - March 4th, 2014 [March 4th, 2014]
- Joomla! 3.2 - Publicando site no servidor com Akeeba Backup - Video - March 3rd, 2014 [March 3rd, 2014]
- Best Hosting Video | How to add RSS Newsfeeds in Joomla 2.5 - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla! 3.2 publicao do site com akeeba (parte 3) - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla! 3.2 publicando site com akeeba (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
- [SEMINARIO] Come creare un sito Joomla! in pochi passi - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla extension tutorials - JA Multilingual Component - Video - March 3rd, 2014 [March 3rd, 2014]
- Exploit Joomla site by JCE Editor using PHP Script and google dork - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla! 3.2 vde-tutorial Blank Template (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
- Preview Magnificent Beer Pub Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
- Best Hosting Video | How to create a database backup of Joomla 2.5 using phpMyAdmin - Video - March 2nd, 2014 [March 2nd, 2014]
- joomla installation step by step - Video - March 2nd, 2014 [March 2nd, 2014]
- Preview University Responsive Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
- how to install joomla 3-2-2 on localhost windows 7 easy 8 min - Video - February 28th, 2014 [February 28th, 2014]
- Joomla! User Group Toronto Steering Committee Meeting 2014/02/26 - Video - February 28th, 2014 [February 28th, 2014]
- Security Patch Joomla 1.5 - Video - February 28th, 2014 [February 28th, 2014]
- NetHosting Adds Unprecedented Web Maintenance Service to Product Lineup - February 28th, 2014 [February 28th, 2014]
- 63 Agency - A Pro Joomla 2.5 / 3.0 Responsive Template - Video - February 27th, 2014 [February 27th, 2014]
- joomla tutorial, joomla tutorials video, Joomla 3.2 Video Tutorials - Video - February 27th, 2014 [February 27th, 2014]
- Joomla Destination Container - Video - February 27th, 2014 [February 27th, 2014]
- Joomla! Framework Licensing Debate & Explaination - Video - February 27th, 2014 [February 27th, 2014]
- Preview White Apparel Joomla Template by Jade TMT - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to create Featured (Front page) Articles in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to block or delete a Super Administrator in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to use Private Messaging in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to manage Weblinks in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to manage Languages in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to create a Login module in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- ACL no Joomla! 3.2 - Video - February 25th, 2014 [February 25th, 2014]
- Joomla! 3.2 Autenticao com TwoFactor - Video - February 25th, 2014 [February 25th, 2014]
- JOOMLA 2.5 TUTORIAL LESSON 1 - Video - February 25th, 2014 [February 25th, 2014]
- Buzzflash.com Launches a New Joomla Portal for Truthout News Organization - February 25th, 2014 [February 25th, 2014]
- How to set user permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
- View different folder permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
- View user logs in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to upload files, delete files, create folders in J!Extranet 5.0 Extended version and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
- How to use My Vault in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to remove front-end menu items in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to set user permissions in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to move folders in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]