Webmasters/developers cannot keep up with the pace of the updates; after all, updating properly takes time.
Legacy code won’t work on newer versions of its dependencies.
Webmasters are scared that something will break on their website.
Webmasters don’t have the expertise to properly apply the update.
This might be a little too dramatic, but every time you disregard an update warning, you might be allowing a now known vulnerability to survive in your system. Trust us, cybercriminals are quick to investigate software and changelogs.
Whatever the reason for running out-of-date software on your web application, you can’t leave it unprotected. Both Sucuri and OWASP recommend virtual patching for the cases where patching is not possible.
Virtual patching affords websites that are outdated (or with known vulnerabilities) to be protected from attacks by preventing the exploitation of these vulnerabilities on the fly. This is usually done by a firewall and an intrusion detection system.
Do'stlaringiz bilan baham: |