Each new identified security threat class triggers new research and
development efforts by the scientific and professional communities. In this
study, we investigate the rate at which the scientific and professional
communities react to new identified threat classes as it is reflected in the
number of patents, scientific articles and professional publications over a
long period of time. The following threat classes were studied: Phishing; SQL
Injection; BotNet; Distributed Denial of Service; and Advanced Persistent
Threat. Our findings suggest that in most cases it takes a year for the
scientific community and more than two years for industry to react to a new
threat class with patents. Since new products follow patents, it is reasonable
to expect that there will be a window of approximately two to three years in
which no effective product is available to cope with the new threat class