Over the years, the need for security is clearly necessary. Those who are computer users or Internet and they enjoy the limitless possibilities that they are given everyday they need to know their imperfections. The vulnerabilities of the software are causing many of the problems, but also the need for repair.
We should not forget, of course, that like all the software has created people and is expected to have mistakes. Just in cases where these errors burden critical systems, it is imperative to deal directly with them. The various defensive mechanisms that have been created over the years, such as the WAFs (Web Application Firewalls), are very helpful but they do not fix it. Some bugs need to be repaired.
Both the private and the public sectors are often at risk and then hit. Now, the public sector and the government are using software that may harm them. This is why the United States Department of Homeland Security (DHS) has issued guidance for US government agencies. These repairs are very important.
Of course, it is a fact that there is a relative inability from the agencies in relation to the repair of vulnerabilities in the software. Proof of this is that for serious vulnerabilities, the average repair time exceeds one month. The time they need hackers to access a vulnerable software? Sometimes it takes only a few hours.
Sometimes the solutions used are not appropriate. Other times, human resources are not enough and the priorities that come in are not the right ones. As a result, many departments operate without staff. Dealing with a solution is usually fragmentary, which means that the systems remain unattended for days or weeks until the next test and development cycle.
The new Ministry's instructions request a reduction in the days needed for the repair, in 15 calendar days and 30 days to apply corrections. In addition, the ministry will communicate with the departments on 15 days and if no change is made, it will be waiting for explanations.
However, simply reducing time is not enough to protect an organization's systems from attacking. Even organizations that follow the DHS command may be vulnerable to attack for up to 15 calendar days, since there is enough time for an attacker to discover and exploit a vulnerable software.