Wednesday, May 07, 2008

Big Vendors Still Very Tardy on Fixing Security Flaws

Ryan Naraine writes on the eWeek "Security Watch" Blog:

Some of the biggest names in the IT software business still are very lax when it comes to fixing security holes reported by third-party brokers.

According to a list maintained by TippingPoint's Zero Day Initiative, Microsoft, Novell, Oracle, Computer Associates and Hewlett-Packard are among the vendors most tardy about shipping fixes for known flaws that could be used in code execution attacks.

Microsoft, for example, has nine "high risk" vulnerabilities on the list. Three of the nine Microsoft product flaws were reported more than 404 days ago.

More here.

0 Comments:

Post a Comment

<< Home