Updated Research of the Largest Base of Real-World Vulnerability Data Reveals Half-Life, Prevalence, Persistence and Exploitation Trends by Vertical Market
RSA Conference - April 23, 2009 - Wolfgang Kandek, CTO of Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today unveiled Laws of Vulnerabilities 2.0 derived from the industry’s largest vulnerability dataset. The Laws 2.0 reveals vulnerability half-life, prevalence, persistence and exploitation trends for five critical industry segments including Finance, Healthcare, Retail, Manufacturing and Services. These trends were drawn from a statistical analysis of more than 680 million vulnerabilities out of which 72 million vulnerabilities are critical, generated by 80 million scans during 2008.
The laws derived from this research are:
“Security is getting more difficult with attackers becoming extremely sophisticated and the window of exploitation shrinking to days for most critical vulnerabilities,” said Wolfgang Kandek, CTO of Qualys, and author of the Laws of Vulnerabilities 2.0. “Our goal with this research is to help organizations across different industries to understand the broader trends, the potential for damage and the priority of vulnerabilities, so they can make more effective and more immediate decisions to protect their networks. With research like that outlined in the Laws of Vulnerabilities 2.0, we can provide the industry with a statistical look at threat trends in real-time.”
The Laws are derived from an anonymous dataset that is not traceable to any given customer, IP address or network. The data is collected through the QualysGuard scanning infrastructure, which performs over 200 million IP audits annually. Simple counters are kept during scanning of customers’ networks, and the collected data is then summarized and logged daily for this research analysis.
The Laws findings are fully published at: http://laws.qualys.com.
Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.
Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
For media inquiries or to find the appropriate spokesperson
Contact: Jason Morris or Jen Spark