Research of the Largest Base of Real-World Vulnerability Data Reveals Half-Life, Prevalence, Persistence, and Exploitation Trends
Black Hat, Las Vegas, NV — July 30, 2003 — Gerhard Eschelbeck, CTO of Qualys™, Inc., the market leader of on-demand security audits and vulnerability management, today unveiled Laws of Vulnerabilities derived from the industry’s largest vulnerability dataset. The Laws reveal vulnerability half-life, prevalence, persistence, and exploitation trends. These trends were drawn from statistical analysis of more than 1.24 million vulnerabilities collected by 1.5 million scans during an 18 month period.
The laws derived from this research are:
The Laws of Vulnerabilities were discussed today at the Black Hat Briefings by apanel of industry experts, including Mary Ann Davidson, Chief Security Officer of Oracle; Philip Zimmermann, Creator of Pretty Good Privacy (PGP); Black Hat Founder Jeff Moss; Simple Nomad, Founder of NMRC; JD Glaser, President & CEO of NT OBJECTives, Inc.; and Gerhard. Eschelbeck, CTO of Qualys. The panel was moderated by well-known Black Hat participant, Richard Thieme.
“The security industry is flooded with constant, sometimes daily, warnings of new vulnerabilities, and they vary drastically in their degree of potential damage,” said Gerhard Eschelbeck, Qualys CTO & Vice President of Engineering, and author of the Laws of Vulnerabilities. “Our job is to help organizations understand the broader trends, the potential for damage and the priority of vulnerabilities, so they can make more effective and more immediate decisions to protect their networks. With research like this, we can provide the industry with a statistical look at network threat trends in real-time.”
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.