Most Application Vulnerabilities Not Patched in 2008

According to a new report from IBM, most application vulnerabilities were not patched in 2008. The report says 55% of application vulnerabilities are in web applications. Of those, just about 75% have no patches available. With 80% of malware sites being hosted on legitimate websites, this creates an environment conducive to a great number of exploits.
As a counterpoint, many application vulnerabilities are not easy to exploit. They often require the application to be configured in a non-standard, very specific way in order to be vulnerable.
That being said, too many software vendors are not writing and distributing patches quickly enough. Likewise, customers are not patching systems at the application level. Many believe that their standard OS updates are taking care of them (which they usually are not) or that the application itself will auto-update as necessary.
http://www.techweb.com/article/printArticle?articleID=213000162&printArticle=true


