Software industry slammed for poor patching practice

"Despite massive security investments by the industry, vulnerabilities are still rising and increasing manifold. It seems that the industry's security improvements are either nullified by the ever increasing complexity of their products, or that the current state of the industry represents an economic equilibrium between security investments by vendors and the level of insecurity that is acceptable in the market," the Secunia report read.

"As a result of this, there is a continued need for private and corporate users of software to properly handle vulnerability information and remediation in order to manage and reduce the associated risks."

A fire in the eye of the storm

Despite Secunia's concerns, and despite its own figures showing 95 per cent of organisations had security holes ready to be exploited, FireEye said vendors were doing as much as they could in helping with patching.

"The vendors are doing pretty much as much as they can given the tools and the way their products are built to work," James Todd, European technical lead at FireEye, told IT Pro.

"The challenge for the future is how can people start building products which don't have the obviously inherent, easily exploited flaws?"

Todd said it is clear that patching remains an issue for customers. "Patching isn't something that people feel like they can truly get on top of," he added.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.