
26% of Companies Ignore Security Bugs Because They Don't Have the Time to Fix Them (bleepingcomputer.com) 24

Posted by msmash from the different-priorities dept.
Catalin Cimpanu, writing for BleepingComputer: A survey compiled last month at the RSA security conference reveals that most companies are still behind with proper security practices, and some of them even intentionally ignore security flaws for various reasons ranging from lack of time to lack of know-how. The survey, which compiled answers from 155 security professionals from the companies present at the RSA conference, revealed that only 47% of organizations patch vulnerabilities as soon as they are known. Most worrisome is that some companies wait quite some time before applying patches, exposing their IT infrastructure to attacks. More precisely, 16% wait for one month, while 8% said they only apply patches once or twice a year.


  • It's not time, it's money... (Score:5, Insightful)

    by TFlan91 ( 2615727 ) on Thursday May 10, 2018 @02:41PM (#56590016)

    It's not that I don't have enough time, I do.

    It's that the powers that be only want to spend time on something if a client pays for it.

    • Re:It's not time, it's money... (Score:4, Insightful)

      by v1 ( 525388 ) on Thursday May 10, 2018 @03:16PM (#56590294) Homepage Journal

      well, it IS time. but time IS money. so, yeah, kinda.

      Pinheads that only know how to count beans and don't understand the problem are asking each other "Is it important? How much does it cost? What's the return on investment?"

      They don't see the risk or the cost of losing on the risk. They only see the cost of the fix, and that looks like a very poor ROI, and it gets shot down, or continuously delayed.

    • This.

      And this isn't limited to contracting situations (where you typically hear the word "client"). I have seen this in companies that sell products on the open market, to whole industries. The company takes the approach that development schedules are dictated by what features customers say they want. Since the customer doesn't know the security problem exists they can't say "I want this fixed". It is therefore not a priority.

  • Fix your shit or be run out of business. I think I speak for the majority when I say we're all sick and bloody well tired of having every gods-be-damned thing on the planet hacked by whoever because the firmware/software is written poorly.
  • No support from Microsoft for over four years but still over 10% market share for the security hole OS. It will get even worse when Firefox drops support. It gets to the point where it's easier to reformat every few months than to keep updating. Most viruses probably get great firewalled anyway.

  • Nobody with any experience installs a patch immediately when it's released if they aren't forced to. It only takes one time borking your entire network/domain by being the unwitting beta tester to learn that lesson.

  • In related news (Score:3)

    by rsilvergun ( 571051 ) on Thursday May 10, 2018 @03:08PM (#56590238)
    74% of companies lie on surveys.
