WannaCry Exposed Gaping Risk Window between Identifying Vulnerability Risk and Fixing It
Maidenhead, U.K. – June 20, 2017 – When WannaCry hit, the world learned that for two months a patch had been available that would have prevented the problem. But its victims were those that hadn’t yet deployed this patch. As many companies discovered the hard way, there is an unacceptable ‘risk window’ that persists between the discovery of a software vulnerability and when the patch is successfully installed. In 2016 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of those vulnerabilities had patches available on the same day as disclosure. But, on average, it takes companies 186 days to completely install those patches[1].