79% of vulnerabilities had patches available on the day of disclosure; therefore the power to patch endpoints is in the hands of all end-users and organizations.
In 2012, 70% of vulnerabilities had patches available on the day of disclosure.
21% of vulnerabilities are without patches for longer than the first day of disclosure. This means that vulnerability intelligence and alternative remediation measures are required if organizations wish to keep their IT infrastructure watertight.
It is realistic to assume that 21% is a representative proportion of software products that are not patched quickly.
Reasons for delayed issuing of patches can be, for example:
Lack of vendor resources, uncoordinated releases or, on rare occasions, zero-day vulnerabilities.
Read more in the Secunia Vulnerability Review 2014. Download it here.