The number of wireless security vulnerabilities in the real world is vanishingly small, research from Qualys has suggested.
That was the finding of latest annual Laws of Vulnerabilities report written by Qualys CTO Gerhard Eschelbeck.
Despite worries about wireless security, only one in 20,000 of the vulnerabilities uncovered by scans of the companys customer base related to wireless systems. The figure can be considered significant because it was drawn from analysis of 32 million live networks scans and 21 million uncovered instances of vulnerabilities.
The research also showed (PDF that external network patching half-life has improved from last years figure of 21 days to this years 19 days. The half-life is defined at the time it takes companys to patch at least 50 percent of their systems, thus reducing exposure to security threats.
Internal network patching has also come down from 62 days to 48 days during the same period. In total, 90 percent of such exposure is caused by only 10 percent of the critical holes.
On a less positive note, the time it takes for exploits to appear for vulnerabilities is also shrinking. Fully 80 percent of the most dangerous holes are exploited within the current half-life period. The overwhelming majority of automated attacks do their damage in the first 15 days.
2005 has been the year of improvements for patching and updating vulnerable systems. This is heavily driven by the fact that vendors like Microsoft and others are now are issuing regular advisories with patch updates, which ends up speeding the prioritisation and remediation efforts within organizations, said Eschelbeck.
As with last year, Microsoft dominates the top ten critical vulnerabilities, both for internal and external networks. Not surprisingly given the companys desktop dominance, the report detects a marked move towards security holes affecting clients rather than servers, with the former accounting for 60 percent of new vulnerabilities uncovered.