Vulnerability Review 2016: Time to Patch


Welcome to the Vulnerability Review 2016

The annual Vulnerability Review by Secunia Research at Flexera Software analyzes the evolution of software security from a vulnerability perspective.

It presents global data on the prevalence of vulnerabilities and the availability of patches, to map the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.


Find out how quickly software vendors issue fixes (so-called patches) when vulnerabilities are discovered in all products.

84% of vulnerabilities had patches available on the day of disclosure; therefore the power to patch endpoints is in the hands of all end-users and organizations.

In 2010, 49% of vulnerabilities had patches available on the day of disclosure.

16% of vulnerabilities are without patches for longer than the first day of disclosure. 

30 days after the day of disclosure, only 85% of vulnerabilities have a patch available.

Reasons for delayed issuing of patches can be, for example, lack of vendor resources, uncoordinated releases or, on rare occasions, zero-day vulnerabilities.

Read more in the Vulnerability Review 2016. Download it here.


Find out how quickly software vendors issue fixes (so-called patches) when vulnerabilities are discovered in the Top 50 products.

85% of vulnerabilities in the Top 50 applications had patches available on the day of disclosure; therefore the power to patch endpoints is in the hands of all end-users and organizations.

In 2010, 64% of vulnerabilities had patches available on the day of disclosure.

15% of vulnerabilities are without patches for longer than the first day of disclosure. 

30 days after the day of disclosure, only 87% of vulnerabilities have a patch available.

Reasons for delayed issuing of patches can be, for example, lack of vendor resources, uncoordinated releases or, on rare occasions, zero-day vulnerabilities.



1. The Time-to-Patch numbers released in 2015 and 2014 are not directly compatible with the numbers released in previous years. We have applied a different method from 2014 onwards because an increasing number of vendors, particularly browser vendors, started to upgrade to new major versions, rather than patch existing versions. The numbers used in this report for Time-to-Patch are, however, comparable, as they are reached using the same method. Consequently, the year-on-year comparison in this report is reliable.