Oct 24, 2018

Study: Software security vulnerabilities persist for months

Photo: Wulf Voss / EyeEm via Getty Images

According to a new report by CA Veracode, a company that automatically scans for security flaws, 50% of the vulnerabilities they discover remain un-patched after 121 days.

Why it matters: Think of it as the computer security equivalent of the inspirational poster, "It's not how hard you fall, it's how fast you get back up.” Flaws in computer code are inevitable, but companies need to have processes in place to fix them.

By the numbers: By Veracode’s stats, around 75% of known security vulnerabilities persist after 21 days. 25% persist after 472 days.

  • It gets a little better for higher severity bugs, which are fixed within roughly 95 days. That’s still 3 months.

Interestingly, the most “mission critical” apps appear to take longer to fix than many less critical ones.

  • It takes 108 days for half of “medium critical" applications to be fixed, 9 days longer for half of “highly critical" apps to be fixed, and 24 days longer for the most critical apps to be fixed.
  • That could be in part because it’s hazardous to tamper with the most critical software without the risk of disrupting business.

Go deeper

Fadel Allassan
5 mins ago - Health

Houston public health system CEO says coronavirus situation is "dire"

Houston's coronavirus situation is "dire, and it's getting worse, seems like, every day," Harris Health System CEO and President Dr. Esmail Porsa said Monday on MSNBC's "Morning Joe."

The big picture: Porsa said the region is seeing numbers related to the spread of the virus that are "disproportionately higher than anything we have experienced in the past." He noted that Lyndon B. Johnson Hospital's ICU is at 113% capacity, and 75% of its beds are coronavirus patients.

Go deeper (1 min. read)Arrow
Dion Rabouin
1 hour ago - Economy & Business

Fund managers start to board the stock bandwagon

Illustration: Aïda Amer/Axios

Asset managers at major U.S. investment firms are starting to get bullish with their clients, encouraging stock buying and trying not to get left behind right as the metrics on tech stocks rise back to highs not seen since the dot-com crash of 2000.

What's happening: Appetite for stocks is starting to return, but slowly as institutional money managers were overwhelmingly sitting on the sidelines in cash during April and May.

Go deeper (1 min. read)Arrow
Fadel Allassan
2 hours ago - World

China bans Cruz and Rubio over Xinjiang criticism

Photos: Graeme Jennings/Pool/Getty Images; Al Drago/Pool/Getty Images

China said Monday that it will ban entry to Sens. Marco Rubio (R-Fla.) and Ted Cruz (R-Texas) over their criticisms of human rights abuses in Xinjiang, the AP reports.

The big picture: The move seems to be retaliatory after the U.S. announced sanctions on four Chinese officials for human rights abuses against Uighur Muslims and other ethnic minorities in the region last week.

Go deeper (<1 min. read)Arrow