Major technology companies are becoming faster at fixing security vulnerabilities, incentivized to close gaps for customers.
Vendors took an average of 52 days to fix security vulnerabilities in 2021, down from 80 days three years ago, data from Google's Project Zero show.
Between 2019 and 2021, Apple fixed 87% of its bugs in 90 days; Microsoft fixed 76% in the same period.
"The tech community is getting faster at fixing discovered security issues for a variety of reasons, including advancing DevOps and CI/CD technological advancements, adopting bug bounty programs into the mainstream, embracing open source platforms' security issue tracking, and Project Zero making an impact," said Eylam Milner, director, Argon Technology with Aqua Security.
There is a caveat to this progress. The largest tech companies handle their bug bounty programs differently than smaller or lesser-known companies.
"Companies such as Microsoft, Facebook, Oracle, Mozilla, and Linux are very different in the way they operate, let alone handle security issues, than most software vendors and open source projects," Milner said.
While the average time to fix a vulnerability has gone down, that could be a bit misleading based on the companies involved. On the other hand, trends like this often have a trickle-down effect that is making a positive impact across the tech industry at large.
"When a large tech company (e.g., Facebook) is forced to fix a security issue in 90 days, this puts the company in a position to innovate with in-house organizational structure, engineering culture, and even new technology solutions," said Milner.
The engineering community at large often mimics big tech innovators, which advances the way the entire community handles fixing security issues.
While the tech industry is getting better at remediating vulnerabilities in a more timely manner, the need to fix problems is not trickling down to the organizations using the software. If a customer lacks urgency in deploying a patch, a flaw can linger.
Even though members of the security community evangelize the importance of defined security patching processes and procedures as part of an overall security policy, there is still a knowledge gap, according to Matt Carpenter, senior principal security researcher with GRIMM.
"One of the core components of a good security policy is knowing what technologies/assets your organization maintains, and having regular patching intervals, processes and written procedures," Carpenter said.
Although companies realize the value of automated updates and regular automated checks and reports for out-of-date machines, less security-mature companies fall behind.
No matter how good tech companies have become at assessing vulnerabilities, there is always room for improvement. Adding automated application security solutions is key for diving deeper into vulnerability assessment and remediation.
"It's impossible for software consumers and vendors to handle a large amount of security risk in large codebases without an automated process for detection, remediation and prevention," said Milner.
The next step is to teach organizations to partner with trusted security companies in a long-term strategy, which helps reduce both risk and cost in the long term.
"For example, each organization should have a Security Architecture Review or similarly Threat And Risk Assessment (TARA) from a trusted and knowledgeable external security company," said Carpenter.
While such assessments are informative, to add the most value organizations should put together an internal security team with a top executive on board, such as a CSO, CIO or CTO, to act as a liaison with the external assessment group.
This ensures assessment findings are communicated throughout the company and the necessary remediation steps can happen.
It's important to have clear strategies for both addressing general asset management, according to Daniel Trauner, senior director of security with Axonius.
"Without an asset management strategy, you might not even be aware that there's a patch to apply," Trauner said.
And if patches aren't applied in a timely manner, quick vulnerability remediation by tech companies won't do much good to prevent attacks.
More:
Big tech is fixing bugs faster. Will that influence trickle down? - CIO Dive