Cybersecurity Bug-Hunting Sparks Enterprise Confidence

[silversurfer]

Nearly three-quarters of IT security professionals (73 percent) surveyed say they prefer to buy technology and services from vendors who are proactive about security, including leveraging ethical hacking and having transparent communications about vulnerabilities. But less than half of vendors deliver.
 
The survey, conducted by Poneman Institute and commissioned by Intel, was intended to help get a better understanding of what drives security investment decision-making, according to the report. The Ponemon Institute surveyed 1,875 people across Africa, Europe, the Middle East, the U.K. and the U.S. who are involved in their organizations’ IT infrastructure and also familiar with purchasing processes for tech and services.
The survey shows a wide gap between what organization decision-makers expect in terms of security, and their vendors’ ability to meet those expectations. For instance, 66 percent of those surveyed said they prefer vendors to have the “ability to identify vulnerabilities in its own products and mitigate them.” Yet only 46 percent of those same respondents said their technology providers have that capability, the report said.
 
Thirty percent of those surveyed said they could patch a vulnerability in a week or less, but on average, it takes about six weeks to patch a bug from the time its first detected, with 63 percent saying delays are caused by “human error.”
 
But the rise in zero-day flaws, such as those recently found in software like Google Chrome or Microsoft Exchange, means these organizations could be left vulnerable to attack for weeks before a fix is put in place, depending on the vendor.
 
“Security doesn’t just happen,” Suzy Greenberg, vice president, Intel Product Assurance and Security said. “If you are not finding vulnerabilities, then you are not looking hard enough.”

Read more: Cybersecurity Bug-Hunting Sparks Enterprise Confidence | Threatpost