You're wasting your time fixing 97 percent of vulnerabilities

1 Comment
Dissolving clock

According to new research only three percent of 'critical' code vulnerabilities are attackable, which means developers should be able to better prioritize efforts and significantly reduce their workload.

The study from automated security testing firm ShiftLeft finds that focusing on the three percent allows teams to greatly speed up and simplify efforts. ShiftLeft saw a 37 percent improvement from last year in mean time to remediate new vulnerabilities with a median scan time of 1 minute 30 seconds.

Faster scans, automated insertion in CI pipelines, and greater scan coverage across more languages, also enabled AppSec teams to shift from scanning for vulnerabilities monthly or weekly to daily scans. The report tracked a 68 percent increase year-on-year in daily scans.

By identifying and prioritizing OSS vulnerabilities that are actually attackable, AppSec teams and developers fix what matters, ship code faster and actually improve security with fewer, better fixes.

"Based on our findings, two out of three development teams are literally wasting time on the 97 percent of fixes that are not attackable and provide little security benefit," says Manish Gupta, CEO at ShiftLeft. "On the other hand, teams that shift security left and focus on attackability ship more secure code, more frequently. This clearly improves the security of their applications while also improving developer productivity and product velocity."

ShiftLeft also looked specifically at scans for the Log4J vulnerability and mapped actual data flows through production applications by combining the results of Static Application Security Testing (SAST) analysis and Software Composition Analysis (SCA). This analysis found that only four percent of all Log4J instances were in fact vulnerable. Teams that had this information saved months of wasted time hunting down and fixing Log4J instances that posed little or no risk.

The full report is available from the ShiftLeft site.

Image credit: Shveyn Irina / Shutterstock

1 Comment

One Response to You're wasting your time fixing 97 percent of vulnerabilities

Got News? Contact Us

Recent Headlines

Phishing attacks up 60 percent driven by AI

Samsung begins mass production of 1Tb 9th-Gen V-NAND

Get 'Coding with AI For Dummies' (worth $18) for FREE

Meta introduces Horizon OS

Open-source audio editor Audacity 3.5 available for Windows, Linux, and Mac

Stop sideloading headaches on Apple devices: Why EU admins need MDMs now more than ever

Email still the most popular phishing technique even on mobile

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.