"Time to Fix High Severity Apps Increases by Ten Days"

Researchers at NTT Application Security found that the average time to fix high severity application security flaws has increased by ten days in just a month. Although the overall "time to fix" dropped by two days, from 202 days to 200 days, the time to fix high severity vulnerabilities increased from 246 days last month to 256 days in this month's analysis. The report found that utilities and retail firms, in particular, were performing poorly. The researchers stated that applications in the utility space continue to suffer from a high window of exposure, with 67% of applications having at least one serious exploitable vulnerability throughout the year. The researchers also stated that vulnerable applications are an increasingly dangerous vector for embedding ransomware and enabling supply chain attacks. The top five vulnerability types by volume were HTTP response splitting, query language injection, cross-site scripting (XSS), cross-site request forgery, and remote file inclusion. The researchers noted that the top five vulnerability types remain unchanged from previous months, indicating a "systemic failure" to address well-known security issues.

 

Infosecurity reports: "Time to Fix High Severity Apps Increases by Ten Days"
