All Products Top 50

Find out how quickly software vendors issue fixes - so-called patches - when vulnerabilities are discovered in Top 50 products.

86% of vulnerabilities in the Top 50 programs had patches available on the day of disclosure; therefore the power to patch endpoints is in the hands of all end-users and organizations.

In 2012, 90% of vulnerabilities had patches available on the day of disclosure.

14% of vulnerabilities are without patches for longer than the first day of disclosure. This means that vulnerability intelligence and alternative remediation measures are required if organizations wish to keep their IT infrastructure watertight.

It is realistic to assume that 14% is a representative proportion of software products that are not patched quickly.

Reasons for delayed issuing of patches can be, for example:
Lack of vendor resources, uncoordinated releasesor, on rare occasions, zero-day vulnerabilities.

Read more in the Secunia Vulnerability Review 2014. Download it here.

Where are the attacks coming from?
Where are the attacks coming from?

* See footnote

Show data for: 2013 2014

Where are the attacks coming from?
Where are the attacks coming from?

Show data for: 2013 2014

* The Time-to-Patch numbers are not directly compatible with the numbers released in 2013. We have applied a different method for 2013, because an increasing number of vendors, particularly browser vendors, upgrade to new major versions, rather than patch existing versions. The numbers used in this report for Time-to-Patch are, however, comparable, as they are reached using the same method. Consequently, the year-on-year comparison in this report is reliable.

© 2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144

Please note: The numbers in these graphs are rounded.

Terms & Conditions and Copyright - Privacy