The World of Technology News and Products

Fixing the security gaps


Hundreds of software vulnerabilities that developers have not discovered or fixed naturally lure hackers. These leave gaps in security that usually go unnoticed by internet users.

A study by RAND found that the average time for a company to privately fix a security hole is about 7 months. Other reports typically share their findings publicly, which takes around 10 months after the companies have acknowledged the issue privately. These security flaws, often exploited before their developers are aware of them, are called “zero-day”.

A hacker could exploit vulnerabilities 22 days faster if they fully developed the program first.

Led by Lillian Ablon, the RAND Corporation recently released a groundbreaking study that surveyed the many vulnerabilities still unknown to the general public. The researchers analyzed over 200 cases of security vulnerabilities in software programs and estimate that nearly 40% of them remain unknown to the general public.

According to a 2016 RAND research study, in practice an average of 6.9 years passes before a vulnerability becomes public. 25% of “zero day” vulnerabilities remain unknown and unfixed for a year and a half. Another 25% are revealed within two months.

Some cases are considered “immortal”: the vulnerability is part of code that is not easily removed, and the difficulty of removing it means it will stay forever. Because they risk unauthorized intrusion into a system, these “immortal bugs” should be fixed. Certain vulnerabilities are, alternatively, known as zombies because they are only exploitable in older versions of a program.

The study concludes that discretion is crucial in these matters, as companies and government agencies may want to protect their systems rather than inform the public about security holes. On the other hand, so-called “white” (well-meaning) hackers have more incentive to disclose a flaw they discover, as they are less likely to face repercussions for acting in good faith.

Once the news gets out, hackers will definitely scramble to take advantage of the latest security hole. Whether it is cyber-crime or cyber-espionage, some people will find a way to exploit it.


Author: PC-GR
