Response against security bugs improved in 2013: Report
Response of software vendors against security bugs has reportedly improved in 2013, new statistics from a testing firm has revealed.
Washington: Response of software vendors against security bugs has reportedly improved in 2013, new statistics from a testing firm has revealed.
Swiss testing firm High-Tech Bridge has revealed that compared to the year before, critical flaws were being patched in less than 11 days in 2013, while medium and low-risk bugs were fixed in 13 and 25 days respectively.
According to PC World, the average time to patch security flaws has fallen across categories from 27 days to 18 days, which is a 33 percent improvement.
The most flaw-prone web applications during 2013 were content management and publishing systems, with in-house applications accounting for 40 percent of XSS and CSS flaws, while Plug-ins made for another 30 percent of issues and small CMS systems made for 25 percent.
High-Tech Bridge CEO, Ilia Kolochenko, argued that 11 days was still too long to patch serious flaws but noted that general awareness within vendors about the importance of application security was growing and vendors were taking security seriously.
CRO Marsel Nizamutdinov said that about 90 percent of large and medium-size commercial and open-source CMSs prone to XSS and SQL injection attacks are vulnerable because they are not up-to-date or are incorrectly configured, the report added.