Computer Business Review: “Seven out of every ten open vulnerabilities observed by customers belongs to just three vendors, Oracle, Microsoft and Adobe. These are the findings of cyber security enterprise Kenna Security in their new report Prioritization to Prediction, which explores how enterprises are dealing with open vulnerabilities. In their report Kenna found that Oracle accounts for 34 percent of the open vulnerabilities that customers have observed, while Microsoft and Adobe both stand at 17 percent. Kenna is quick to point out that the fact these companies are in the top three is not surprising given their extensive foothold within the market. They also found that 40 percent of vulnerabilities discovered in enterprise networks are still, as of today, not patched. While over 75 percent of common vulnerabilities and exposures (CVE) are left open a year after they have been published. While this can often be explained by the minor nature of some of these flaws, Kenna note that many CVE’s have not been given a risk score.
Kenna Security state that a staggering 544 million exploitable vulnerabilities have been discovered, but this only equates to 5 percent of enterprises vulnerabilities. Ed Bellis CTO at Kenna Security commented in an emailed statement that: “We’ve found that remediating the riskiest vulnerabilities is within reach for many organizations. Despite recent high-profile data breaches, our findings show that enterprises can and should delay efforts to remediate a majority of vulnerabilities, which often number in the millions.”..”