Just 5.5% of vulnerabilities are exploited

June 13, 2019.

Why do hackers always wear hoodies? Because they’re sensitive to cold. © iStock.

A recent study (PDF) found that only 5.5% of security vulnerabilities discovered by researchers were ever actually used by hackers. Why? Quite simply, because not all vulnerabilities are created equal, and hackers seek to control the most computers with the least possible effort. In other words, some flaws are much easier and more worthwhile to exploit than others. That means that security patching should be done on a priority basis, starting with the highest-risk vulnerabilities; unfortunately, this prioritization is not an exact science. Moreover, another study shows no correlation between the amount of media attention a vulnerability receives and the urgency of patching it, outside of marketing and public-relations considerations.

Axios, “Why hackers ignore most security flaws.”