Analysts from X-Force, the research and development team at ISS evaluated 4472 vulnerabilities in both hardware and software last year. From the public announcement of the vulnerability on the internet, the report highlights that 3.13 percent of threats discovered had malicious code that surfaced within 24 hours, whereas 9.38 percent had code that surfaced within 48 hours.
We are seeing an increase in so called "zero-day exploits", where exploits appear on the same day as the vulnerabilities are published. Companies like Microsoft, Sophos and others are not able to issue patches and anti-virus updates fast enough.
"This does not allow product developers the time to test and issue the necessary patches needed by the end-users and enterprise administrators," said Gunter Ollman, X-Force Director at ISS.