Symantecs ISTR Makes Some Good Points | eWeek

Symantecs ISTR Makes Some Good Points

Sep 23, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Even though Symantec has a vested interest in painting as bleak a security picture as possible, its latest Internet Security Threat Report does a good job of providing a well-researched overview of everything bad on the Internet.

The ISTR, compiled by a team of Symantec experts, uses mountains of data collected by the company from around the world.

/zimages/1/28571.gifRead detailshereabout Symantecs purchase of an anti-phishing vendor.

The reports (this is the eighth one) are issued at six-month intervals. This allows enough time for the data to show trends, while being frequent enough to provide IT managers with actionable information. The report released on Sept. 19 covers the period from January to June 2005.

Its hardly surprising that sections in the reports often conclude with a suggestion to buy a service or product offered by Symantec, and IT managers should take the ISTR with a bit of salt.

However, Symantec has done a good job of explaining the ups and downs of the threat landscape. I think the conclusions are interesting and well worth paying attention to.

/zimages/1/28571.gifSymantec patches its AntiVirus Corporate Edition.Click hereto read more.

Just one example from the report illustrates the point. The average time lapse between the disclosure of a vulnerability and the publication of an associated exploit was 6.0 days, according to Symantecs ISTR. This compares to 6.4 days in the previous report.

Symantec combined this disclosure with a new measure that shows the average patch development and availability time. The report says that on average in 2005, 54 days elapsed before a vendor patch was available for a published exploit.

This is useful information, but IT managers need to correlate the general numbers about exploits and patches to assets including machines, operating systems and applications to get a business-focused idea of the actual risk faced in an enterprise.

An accurate inventory of IT assets, along with the general trend information provided by the ISTR, will likely help IT managers make better security decisions.

eWEEK Labs Technical Director Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.