From RSA 2006: 'Tis the year to cut down vulnerabilities
By Frank Washkuch on Feb 16, 2006 11:39PM
Qualys has set a worthy goal for security companies to chase throughout 2006: cutting the half-lives of vulnerabilities by one-fifth.
Speaking at the 2006 RSA Conference in San Jose on Wednesday, Terry Ramos presented his company's "Laws of Vulnerabilities," pointing out that malicious software continues to increase.
"Malicious code continues to grow," he said, repeating the study's general findings. "New vulnerabilities are announced every week."
Seventy percent of the data for the survey was compiled from global enterprise networks, while 30 percent was taken from random trials, Ramos said. It was based on the results of 32 million network scans from the third quarter of 2002 to the same time in 2005.
Flaws are quickly taken advantage of by malicious users, Ramos added.
"Within days, there are exploits available for 80 percent of vulnerabilities. So, it is a race," he said. "Ninety percent of vulnerability exposures are caused by just 10 percent of critical vulnerabilities."
Time is also of the essence in battling planned attacks, Ramos added.
"Automated attacks create the most damage in their first 15 days," he said.