A 30-day patching cycle is "significant exposure," Gerhard Eschelbeck, chief technology officer and vice president of engineering at Qualys, said in presenting the data at a panel held during last week's RSA Conference in San Francisco.
"We have to make every possible effort to make this cycle shorter," he said.
Eschelbeck said companies need to focus on the top 10 most critical vulnerabilities, but he noted that the list is not static.
"Fifty percent of the most prevalent and critical vulnerabilities are being replaced by new ones on an annual basis," he said. "This top 10 list is a shifting target."
In addition, old vulnerabilities, such as the one that led to the Code Red attack still linger. "Some vulnerabilities will never go away from the internet," Eschelbeck said.
_(36).jpg&h=140&w=231&c=1&s=0)
_(37).jpg&h=140&w=231&c=1&s=0)
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Executive Retreat - Security Leaders Edition
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
