Patch now? Why enterprise exploits are still partying like it's 1999
2021-09-08 09:13

Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report dated back to 1999.

Before we look at the why, let's explore some of the what: the old vulnerabilities that are still being used in very real-world enterprise attacks to this day.

It's way too simplistic to argue that, just because a vulnerability was identified and a fix made available in 2018, every enterprise should have patched it by now.

The complexity of patch management is highlighted further by the somewhat surprising statistic that the National Institute of Standards and Technology's Common Vulnerabilities and Exposures database expands by around 1,500 every month.

According to Rudis, at a very minimum, organisations need to have a vulnerability triage process and a patch cadence plan in place along with a regularly updated inventory of systems and software.

Ultimately, what is needed is a change of thinking to accept that patch prioritisation isn't driven by the vulnerability scanning cycle, Van der Walt says.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/08/patch_now_why_enterprise_exploits/