Qualys CTO Gerhard Eschelbeck Unveils Laws of Vulnerabilities at Black Hat Briefings
Research of the Largest Base of Real-World Vulnerability Data Reveals Half-Life, Prevalence, Persistence, and Exploitation Trends
The laws derived from this research are:
- Half-Life: The half-life of critical vulnerabilities is 30 days and doubles with each lower degree of severity
- Prevalence: 50% of the most prevalent and critical vulnerabilities are being replaced by new vulnerabilities on an annual basis
- Persistence: The lifespan of some vulnerabilities is unlimited
- Exploitation: 80% of vulnerability exploits are available within 60 days after the vulnerability release
The Laws of Vulnerabilities were discussed today at the Black Hat Briefings by a panel of industry experts, including Mary Ann Davidson, Chief Security Officer of Oracle; Philip Zimmermann, Creator of Pretty Good Privacy (PGP); Black Hat Founder Jeff Moss; Simple Nomad, Founder of NMRC; JD Glaser, President & CEO of NT OBJECTives, Inc.; and Gerhard Eschelbeck, CTO of Qualys. The panel was moderated by well-known Black Hat participant Richard Thieme.
"The security industry is flooded with constant, sometimes daily, warnings of new vulnerabilities, and they vary drastically in their degree of potential damage," said Gerhard Eschelbeck, Qualys CTO & Vice President of Engineering, and author of the Laws of Vulnerabilities. "Our job is to help organizations understand the broader trends, the potential for damage and the priority of vulnerabilities, so they can make more effective and more immediate decisions to protect their networks. With research like this, we can provide the industry with a statistical look at network threat trends in real-time."
About Qualys
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on-demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys' on-demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organizations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Contact: Megan Lamb