Vulnerabilities Are Everywhere

Two of every three computers are running software that contains a critical security hole, according to statistics released by vulnerability scanning company Qualys Inc.

The data, based on more than 32 million vulnerability scans, spans three years. In all, 21 million critical vulnerabilities were identified in that period that could allow an attacker to take over a machine or get access to sensitive data, said Gerhard Eschelbeck, chief technology officer at Qualys.

/zimages/6/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Not all the news is bad, though. Companies are getting better at applying software patches for those holes. The average time it took for companies to patch 50 percent of their affected systems declined from 30 days in 2003 to just 19 days this year.

For internal systems, this year companies took an average of 48 days to patch half of their affected systems. Last year, it took them 62 days to do that, Eschelbeck said.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.