Qualys CTO Leads Panel of Distinguished CSOs on Vulnerabilities Patching Trends at Black Hat USA 2009

Security Officers from Heartland Payment Systems, General Electric, Goldman Sachs, Orbitz and the State of California Examine Time-to-Patch Trends

REDWOOD CITY, Calif. - July 27, 2009 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced that Wolfgang Kandek, CTO of Qualys, will moderate a panel discussion on the latest enterprise security patching trends at Black Hat USA 2009 in Las Vegas. The panel will include security officers from Orbitz, Heartland Payment Systems, State of California, Goldman Sachs and General Electric and the discussion will center around new patching data from Kandek’s latest research, The Laws of Vulnerabilities Version 2.0.

In the panel discussion titled, “The Laws of Vulnerabilities Research Version 2.0: Comparing Critical Infrastructure Industries,” Kandek and the panel of CSOs will discuss the impact of zero-day vulnerabilities such as the Conficker worm and Windows RPC vulnerabilities, and will explore how quickly the industry reacted to patch these critical vulnerabilities. During the session, Kandek will also release new data highlighting the differences in time-to-patch trends between internal and external enterprise systems across five vertical industries.

The Laws of Vulnerabilities Version 2.0 compares the progress of patching across multiple critical industries including patch trends, prevalence, persistence and exploitability of vulnerabilities within global enterprise networks. By examining time-to-patch trends across 80 million IP addresses scanned by Qualys in 2008, the research derives half-life periods for five industry sectors, including finance, retail, manufacturing, healthcare and services. This vertical-specific information provides organizations with a benchmark for comparison when patching critical vulnerabilities within internal and external networks.

Event Details

**Date:** Wednesday, July 29, 2009
**Time:** 10:00 – 11:15 a.m. PT
**Title:** Qualys, Inc.: The Laws of Vulnerabilities Research Version 2.0: Comparing Critical Infrastructure Industries
**Speakers:** Ed Bellis, chief information security officer, Orbitz; Kris Herrin, chief security officer, Heartland Payment Systems; Mark Weatherford, chief information security officer, State of California; Richard Bejtlich, director of incident response, General Electric; Paul Griffiths, executive director, Technology Division, Goldman Sachs; Wolfgang Kandek, chief technology officer, Qualys, Inc.
**Location:** Caesars Palace Hotel, Pompeian Ballroom

The Laws of Vulnerabilities research premiered at Black Hat in 2004. Most recently, Kandek presented on The Laws of Vulnerabilities Version 2.0 at the RSA conference in April of 2009. The updated version of The Laws will be available for download on Wednesday, July 29, 2009 at:

Media and analysts interested in the Laws of Vulnerabilities research or in speaking with Qualys, please email or call Jason Morris or Jen Spark at (415) 512-0770.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign. For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson
Contact: Jason Morris or Jen Spark
Schwartz Communications
(415) 512-0770

For all other matters

Media Contact:
Tami Casey