Enterprises Should Patch For Vuln Criticality, Not App Popularity, Researchers Say

Published: 22/11/2024   Category: security




Organizations could reduce risk significantly by changing patching priorities, according to Secunia



Most enterprises prioritize their security patches by which applications they use most. If most of the users in the enterprise are running Microsoft Word, for example, then that application will move to the head of the line for patching.
In a blog and whitepaper issued this week, however, researchers at Secunia suggested that enterprises could achieve significant security improvements if they prioritize their patches by the severity of the vulnerability instead of the prevalence of the application.
"Many organizations prioritize their patches by selecting the most prevalent or most attacked applications," says Thomas Kristensen, CTO of Secunia. "This is a flawed approach. You should look at criticality and number of vulnerabilities, and use that as your filter."
"Research reveals that an 80 percent reduction in risk can be achieved by patching and identifying either the 12 most risky programs or the 37 most prevalent programs," the whitepaper says.
Most organizations still take too long to patch their applications, according to Secunia. "There is a lot of talk about zero-day attacks, but the truth is that most cybercriminals don't need a zero-day attack in order to penetrate enterprise defenses, because there is a significant amount of time available to do an exploit between the disclosure of the vulnerability and the deployment of the patch," Kristensen observes.
"Organizations hold the power to patch 65 percent of vulnerabilities on the day of disclosure firmly in their hands," the whitepaper says.
Cybercriminals are less interested in attacking widely used applications from Microsoft than they used to be because Microsoft has become faster in identifying vulnerabilities and quicker to deploy patches for its applications, Kristensen says. Now, non-Microsoft programs that are patched with less frequency and deployed more slowly are a more attractive target, he says.
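The trade-off Kristensen describes can be made concrete with a small simulation. This is an added example, not Secunia's data or method: a constructed inventory of ten programs is ranked two ways (most prevalent first versus most critical first) to see how many programs must be patched before 80 percent of the total risk is removed. The risk score, the inventory and the function names are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Program:
    name: str
    prevalence: float  # share of endpoints with it installed, 0..1
    vulns: int         # open (unpatched) vulnerabilities
    criticality: int   # highest advisory criticality, 1 (low) .. 5 (extremely critical)


def risk(p: Program) -> float:
    """Assumed risk score: criticality x open vulns x exposure (not Secunia's formula)."""
    return p.criticality * p.vulns * p.prevalence


# Constructed inventory: popular office apps with a few low-rated bugs, plus some
# less-widespread third-party programs carrying many highly critical ones.
INVENTORY = [
    Program("word_processor", 0.95, 2, 3),
    Program("browser_plugin", 0.40, 15, 5),
    Program("media_player", 0.35, 12, 5),
    Program("pdf_reader", 0.60, 8, 4),
    Program("spreadsheet", 0.90, 1, 2),
    Program("mail_client", 0.85, 3, 3),
    Program("chat_client", 0.80, 2, 2),
    Program("archiver", 0.70, 4, 3),
    Program("vpn_client", 0.50, 1, 4),
    Program("legacy_tool", 0.10, 20, 5),
]


def by_prevalence(p: Program):
    return p.prevalence


def by_criticality(p: Program):
    return (p.criticality, p.vulns)  # Kristensen's filter: criticality, then vuln count


def patch_order(inventory, key):
    return sorted(inventory, key=key, reverse=True)


def programs_needed(inventory, key, target=0.80) -> int:
    """Patch in `key` order; return how many programs it takes to remove `target` of total risk."""
    total = sum(risk(p) for p in inventory)
    covered = 0.0
    for n, p in enumerate(patch_order(inventory, key), start=1):
        covered += risk(p)
        if covered >= target * total:
            return n
    return len(inventory)


def risk_removed(inventory, key, n: int) -> float:
    """Fraction of total risk removed by patching the first `n` programs in `key` order."""
    total = sum(risk(p) for p in inventory)
    return sum(risk(p) for p in patch_order(inventory, key)[:n]) / total
```

On this constructed data the criticality ordering reaches the 80 percent mark after 6 programs, while the prevalence ordering needs 9; patching the 6 most prevalent programs removes only about 42 percent of the risk.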
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.





