Organizations taking nearly two months to remediate critical risk vulnerabilities

The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.
High rates of "known" vulnerabilities, which have working exploits in the wild and are used by known nation-state and cybercriminal groups, are not uncommon.
Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old.
These are all vulnerabilities that have working exploits in the wild, used by known nation-state and cybercriminal groups.
Healthcare organizations - despite the extreme pressure they endured in the past two years - came out on top, with an MTTR of just 44 days.
At the opposite end of the spectrum, the public administration sector took an average of 92 days to remediate known vulnerabilities - a month longer than the cross-industry average.
News URL
https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/