A progress report issued by the Microsoft Vulnerability Research, or MSVR, program revealed that third-party developers only patched 45 percent of the vulnerabilities reported by Microsoft’s security team during the 12 months from July 2009 to June 2010.
But as Computerworld notes, this is a marked improvement over the year-long stretch through June 2009, when developers patched a paltry 13 percent of the bugs Microsoft reported. Microsoft offered an explanation for the poor patching:
This is not entirely surprising — in most cases the vulnerabilities … have been low-level architecture issues that are not easy to resolve, and vendors require considerable time to develop an effective resolution and test it thoroughly.