Time to Fix High-Severity App Flaws Increases by Ten Days


The average time taken to fix high-severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security.

The security vendor’s AppSec Stats Flash report for August offers a broad view of the current state of application security across various verticals.

Most important is the data on how quickly, or slowly, organizations are closing the window of exposure (WoE) between a patch becoming available and that patch being applied.

Although the report found that the overall “time to fix” had dropped by two days, from 202 days to 200 days, for high-severity vulnerabilities it increased from 246 days last month to 256 days in this month’s analysis.

The report found that utilities and retail firms, in particular, were performing poorly.

“Applications in the utility space continue to suffer from a high window of exposure, with 67% of applications having at least one serious exploitable vulnerability throughout the year,” it noted.

“Retail Trade saw an increase of three base points in its WoE — from 58% last time to 61% this time. As we get closer to the final quarter of the year, there will be an expected increase in the transactions and activity on retail web and mobile applications. As such, applications in this sector are going to be rich targets for exploits.”

The most vulnerable sector was once again the “Management of Companies and Enterprises” vertical.

NTT Application Security warned that vulnerable applications are an increasingly dangerous vector for embedding ransomware and enabling supply chain attacks.

The top five vulnerability types by volume were HTTP response splitting, query language injection, cross-site scripting (XSS), cross-site request forgery and remote file inclusion.

These remain unchanged from previous months, indicating a “systemic failure” to address well-known security issues and making the task of threat actors even easier, the vendor claimed.
