starrsoft writes: CNet's Download.com claims, "We test all software products submitted to us against a comprehensive set of criteria... [we screen] for common viruses and spyware... We will not list software that contains viruses, Trojan horses..." Despite this, they're hosting software with a virus circa-1999, something incredibly simple to catch. This shows their virus-screening process is totally inadequate. Also, the user-rating for this software is 1-star (with the reviews screaming "Virus!"), while CNet editors gave it a 5-star rating; apparently CNet doesn't review user-ratings or have a process to automatically flag for manual review a piece of software that gets consistent 1-star reviews
itwbennett writes: In its annual report on data breaches, Verizon found in 2009, there was not a 'single confirmed intrusion that exploited a patchable vulnerability.' The finding has caused Verizon to question how businesses should approach patching: 'We've observed companies that were hell-bent on getting patch x deployed by week's end but hadn't even glanced at their log files in months,' the report said. 'This kind of balance isn't healthy. Therefore, we continue to maintain that patching strategies should focus on coverage and consistency rather than raw speed.'