Orgs Doing More App Security Testing but Fixing Fewer Vulns
A new study by WhiteHat Security shows that in 2018, US companies tested 20% more applications for security vulnerabilities than in the year before, but they fixed only about half (50.7%) of critical flaws and 37% of high-severity issues that were uncovered during dynamic application security tests (DAST). This is a significant drop in remediation from 2017, when the corresponding figures were 57% and 46%, respectively.
Last year, websites contained an average of 3.2 critical flaws, and this number was far higher for certain industries, including IT (7), mining (7), retail (6.9) and manufacturing (6.7). The average remediation time for critical vulnerabilities was 149 days (nearly 5 months), and for high-severity flaws it was 235 days (more than 7.5 months).