Oct 24, 2018

Study: Software security vulnerabilities persist for months


According to a new report by CA Veracode, a company that automatically scans for security flaws, 50% of the vulnerabilities it discovers remain unpatched after 121 days.

Why it matters: Think of it as the computer security equivalent of the inspirational poster, “It's not how hard you fall, it's how fast you get back up.” Flaws in computer code are inevitable, but companies need to have processes in place to fix them.

By the numbers: By Veracode’s stats, around 75% of known security vulnerabilities persist after 21 days. 25% persist after 472 days.

  • It gets a little better for higher severity bugs, which are fixed within roughly 95 days. That’s still 3 months.

Interestingly, the most “mission critical” apps appear to take longer to fix than many less critical ones.

  • It takes 108 days for half of “medium critical” applications to be fixed, 9 days longer for half of “highly critical” apps to be fixed, and 24 days longer for the most critical apps to be fixed.
  • That could be in part because it’s hard to modify the most critical software without risking disruption to the business.
