What does this mean?
A new study has suggested that security holes, also known as zero-day vulnerabilities, can lie dormant for up to 10 years.
This gives hackers plenty of time to develop exploits for a range of software.
The figures come from research organisation Rand, which looked at 200 security flaws. A huge 40 per cent of these are not publicly known.
The study suggests that 25 per cent of vulnerabilities become publicly known within one and a half years, while 25 per cent remain undiscovered for more than nine and a half years.
Vulnerabilities which are publicly known are disclosed with a patch, and once a vulnerability is found, an exploit can be made within 22 days.
Lillian Ablon, lead author of the study, said: “Looking at it from the perspective of national governments, if one’s adversaries also know about the vulnerability, then publicly disclosing the flaw would help strengthen one’s own defence by compelling the affected vendor to implement a patch and protect against the adversary using the vulnerability against them.”
“On the other hand, publicly disclosing a vulnerability that isn’t known by one’s adversaries gives them the upper hand, because the adversary could then protect against any attack using that vulnerability, while still keeping an inventory of vulnerabilities of which only it is aware in reserve.”