WannaCry Exposed Gaping Risk Window between Identifying Vulnerability Risk and Fixing It


Flexera’s New Software Vulnerability Manager First to Shut Risk Window…for Good

When WannaCry hit, the world learned that a patch that would have prevented the problem had been available for two months. Its victims were those that hadn’t yet deployed this patch. As many companies discovered the hard way, there is an unacceptable ‘risk window’ that persists between the discovery of a software vulnerability and when the patch is successfully installed. In 2016, 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of those vulnerabilities had patches available on the same day as disclosure. But, on average, it takes companies 186 days to completely install those patches[1]. This risk window gives hackers plenty of opportunity to exploit vulnerabilities and perpetrate attacks with costly consequences to businesses.

Flexera, the company reimagining how software is bought, sold, managed and secured, has announced that it is closing the risk window.  Launched on the 23rd June, Software Vulnerability Manager is the first product to fix the broken remediation process, helping companies shut the risk window by quickly identifying, prioritising and patching vulnerabilities used as entry points by hackers.  With the launch of Software Vulnerability Manager, CEOs can now rest easier.

“The disconnect between IT Operations and Security is a great example of organisational misalignment and yet another instance of how software is a ‘highly dysfunctional supply chain’.  Without technology and alignment bridging this gap, companies face unacceptable risk – as the WannaCry attacks laid bare to the world,” said Jim Ryan, Chief Executive Officer at Flexera Software.  “Before Software Vulnerability Manager, there was a huge time lag between IT Security identifying and prioritising dangerous software vulnerabilities, and IT Operations patching them.  With this release today, these teams can finally be on the same page, collaborate and slash the time it takes to eliminate vulnerability risk.”

Bye Point-of-Failure, Hello SecOps

When WannaCry-type attacks arise, they confirm that remediation remains a constant point of failure in vulnerability management programs.  Software Vulnerability Manager uses vulnerability intelligence, powered by Secunia Research at Flexera, to allow organisations to continually track, identify and remediate vulnerable software – before exploitation leads to costly breaches.  It bridges existing gaps in vulnerability management programs, and connects IT Security and IT Operations to ensure a smooth hand-off from identification to remediation, significantly reducing the risk window.

“WannaCry sent a loud and clear message to every CIO and CISO around the globe – closing the vulnerability risk window is critical to keep businesses secure,” said Tom Canning, Vice President of Solutions and Strategy at Flexera Software.  “The time is ripe for IT Security and IT Operations to work together more effectively and efficiently with shared accountability, processes and tools that prove we don’t need to sacrifice security for uptime and performance.  With Software Vulnerability Manager, IT Security and IT Operations teams can implement SecOps initiatives to be true company champions.  It is the only security solution to provide access to timely vulnerability advisories, accurate assessments and security patches – all in a single platform.”

About Flexera Software
Flexera Software’s business sits at the nexus between the world’s software producers and buyers – repairing the broken software supply chain, which is the most dysfunctional supply chain in all of business today.  That dysfunction manifests as risk and cost – to both the producers of software and the enterprises that buy software – as they solve the complex, time consuming, and expensive problems of ensuring licensing compliance and security from vulnerabilities.  Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimized software investments, and to future-proof businesses against the risks and costs of constantly changing technology.  A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products.  For more information, please go to: www.flexerasoftware.com.

[1] Verizon’s 2016 Data Breach Investigations Report