Software industry slammed for poor patching practice
Companies are still producing plenty of insecure software, as end-point vulnerabilities triple.


"Despite massive security investments by the industry, vulnerabilities are still rising and increasing manifold. It seems that the industry's security improvements are either nullified by the ever increasing complexity of their products, or that the current state of the industry represents an economic equilibrium between security investments by vendors and the level of insecurity that is acceptable in the market," the Secunia report read.
"As a result of this, there is a continued need for private and corporate users of software to properly handle vulnerability information and remediation in order to manage and reduce the associated risks."
A fire in the eye of the storm
Despite Secunia's concerns, and despite its own figures showing 95 per cent of organisations had security holes ready to be exploited, FireEye said vendors were doing as much as they could in helping with patching.
"The vendors are doing pretty much as much as they can given the tools and the way their products are built to work," James Todd, European technical lead at FireEye, told IT Pro.
"The challenge for the future is how can people start building products which don't have the obviously inherent, easily exploited flaws?"
It is clear patching remains an issue for customers still, Todd said. "Patching isn't something that people feel like they can truly get on top of," Todd added.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.