3. Find ways to mitigate the impact of heavy patches. The reason enterprises are slow to update software is obvious: the fear of breaking it, which in turn can disrupt well-established business processes. There is a grain of sense in this approach. As the recent example of the Spectre and Meltdown patches confirms, enterprises are not ready to put up with work that is safe but slow. As the Veracode report says, the additional round of branching operations in the Spectre and Meltdown patches leads to slower systems, but given the exceptional nature of the situation, this step will have to be taken.
Experts understand that many vendors are wary of patching vulnerabilities, but they are sure that they have no other choice: no one knows yet how unpatched vulnerabilities will affect enterprises. In any case, Intel and other companies are already working hard to ensure that "heavy" patches have a minimal impact on the performance of processor architectures.
4. Managing dependencies and third-party components. As security company Snyk has shown, developers are not eager to support the components included in their software. As it turned out, 43% of developers never check their code for vulnerabilities. Only 11% of developers do this work quarterly, according to the State of Open-Source Security report. Snyk audited the code base of 433 thousand sites and found that 77% of them had at least one vulnerability in a front-end JavaScript library.