Businesses continue to struggle with app security
Threats to web, mobile and API-based apps are developing rapidly and the average time taken to fix them isn't improving, with critical vulnerabilities remaining open on average for 202 days.
NTT Application Security has released its latest AppSec Stats Flash report looking at the current state of application security and the wider threat landscape. It finds the utilities sector the worst, with with 66 percent of applications in the industry having at least one serious exploitable vulnerability throughout the year.
Looking at the 'Window of Exposure' -- the amount of time that an application has a serious vulnerability that can be exploited to data breaches -- finds education, manufacturing, and retail and wholesale trade applications each saw an increase in WoE this month. The wholesale trade sector experienced a seven percent increase in the WoE, while education, retail trade and manufacturing rose by four percent and healthcare by two percent. Since the beginning of the year wholesale has seen a 15 percent increase in WoE, while utilities have experienced an 11 percent increase.
On a more positive note the finance and insurance sectors improved over last month, reporting a two percent drop in their WoE. Manufacturing, public administration and healthcare have seen a decline in their respective Window of Exposures over the first six months of the year, likely due to an increased focus on security following targeted breach activity and/or new regulation.
Average time to fix for critical vulnerabilities increased from 197 days at the beginning of the year to 202 days at the end of June. For high vulnerabilities it has increased from 194 days to 246 days at the end of June.
You can get the full report from the NTT site.