Companies want more help from software suppliers when
dealing with "zero-day" attacks.
A global survey of 300 senior IT managers by patch management
supplier PatchLink found that the increasing speed at which
exploits are appearing after software flaws are discovered was
their biggest security headache.
More than half of respondents wanted software suppliers to take
a more flexible approach to releasing patches for zero-day
exploits, while maintaining a monthly patch release date for
unexploited vulnerabilities.
Three-quarters of IT managers said patch cycles, such as
Microsoft's monthly Patch Tuesday, helped with planning, but more
immediate threats had to be tackled sooner.
Microsoft is currently tackling three bugs in its Internet
Explorer browser, with an exploit for one of them circulating on
the internet since last week. Two firms have issued unofficial
patches for the exploit, and 45% of survey respondents said they
would consider such fixes, despite suppliers warning that
third-party patches can potentially cause problems on users'
systems.
