Internet Explorer Patch Half-Life from September 2013 Patch Tuesday
First defined as a metric in 2003, half-life is the time interval needed for reducing the occurrence of a vulnerability by half. The initial average duration of half-life has been around 30 days. The duration of the interval varies by industry sector, with clear distinctions for example between finance and manufacturing. Another influencing factor is the application class, where applications that offer a structured update mechanism are typically found on the leading edge of the half-life metric. Vulnerability half-life data is based on the over 800 million scans performed yearly by Qualys.
Additional metrics will be added as they are defined by project participants.