Microsoft: Third-Party Vendors Failing to Patch Flaws

By Kara Reeder | Jul 29, 2010 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/microsoft-third-party-vendors-failing-patch-flaws
A progress report issued by the Microsoft Vulnerability Research, or MSVR, program revealed that third-party developers only patched 45 percent of the vulnerabilities reported by Microsoft's security team during the 12 months from July 2009 to June 2010.

But as Computerworld notes, this is a marked improvement over the year-long stretch through June 2009, when developers patched a paltry 13 percent of the bugs Microsoft reported. Microsoft offered an explanation for the poor patching:

This is not entirely surprising -- in most cases the vulnerabilities ... have been low-level architecture issues that are not easy to resolve, and vendors require considerable time to develop an effective resolution and test it thoroughly.