Google has good news for the state of online security
Google says companies are getting better at filling security holes, according to the latest research.
New research by Google shows that companies are getting better at fixing security holes in their products. Many companies now spend less time solving problems and exceeding deadlines less frequently than in previous years.
See: Passenger Gate
Check also:
Project Zero is a team of Google security analysts tasked with finding zero-day vulnerabilities, that is, unknown or unaddressed vulnerabilities that can be exploited by malware. Specialists have published a report describing 376 issues discovered between 2019-2021, as well as how service providers responded and what this means for the overall cybersecurity situation in the digital sphere.
It turned out that out of 376 problems, almost all were fixed (351 – 93.4%). Only 14 (3.7%) are rated by providers as ‘WontFix’, while 11 (2.9%) are still active (8 of them have already passed the 90-day deadline).
The Big Three account for about two-thirds of all these vulnerabilities (65%): Microsoft has 96 (26%), Apple has 85 (23%) and Google has 60 (16%) problems to solve. According to Project Zero, the lead time for the vendor to fix the problem and ship the upgraded version to their customers’ endpoints is 90 days. The seller can also request a 14-day grace period if they promise to release the repair by then.
However, of all the reported vulnerabilities, Apple fixed 87% over a 90-day period, more than Microsoft (76%) or Google (53%). Microsoft released most patches within the grace period (15 errors, or 19%).
Google claims that the fastest resolution of these problems takes an average of 44 days, less than Apple (69) or Microsoft (83). It should be remembered that this is data for the period from 2019 to 2021.
Check: How to take a screenshot on a laptop
“Perhaps the most impressive thing is that the other people not on the chart have cut their repair time together by more than half,” explains Project Zero. They claim to see “several promising trends emerging from the data,” including sellers fixing almost any bugs they receive, and keeping the 90-day deadline. Everyone has been quick to hand out patches in the past three years.
