Consider this Bruce Schneier quote: Can we patch vulnerabilities faster than attackers can exploit them?
The University of Maryland, College Park has a website project: https://www.umiacs.umd.edu/~tdumitra/blog/2015/04/15/impact-of-shared-code-on-vulnerability-patching/
In my opinion the crux of their vulnerability survey is in this graph (also from the Univ of Maryland link):
The end result of this survey was a measure of how long vulnerabilities in the “wild” (the Internet at large, i.e. not in any one company or type of company) stay vulnerabilities with no patch applied yet.
It looks like, across the 54 vulnerabilities, only 14% of the hosts tested were patched quickly after the vulnerability had a patch available.
This is why patching even standard vulnerabilities can be a challenge, since one has to uninstall all instances of the old application (the old version, which is vulnerable).
So it is obvious: since 86% of the computers are not fully patched, the criminal hackers have fertile ground on which to base their attacks.
And attacks are getting more sophisticated …
Now you know why we hear about so many hacks and attacks on us.
Here is a graph from a 2014 Blackhat
And my 2015 review post: http://oversitesentry.com/reviewing-all-of-the-changes-in-2015/
The challenge is there, but it can be done, and we are doing it at Fixvirus.com – we help local Saint Louis companies with their patching methodology.