"Only 10% of Vulnerabilities Are Remediated Each Month"

Security researchers from SecurityScorecard and The Cyentia Institute revealed that only 60% of organizations have improved their security posture despite a 15-fold increase in cyberattacks over the last three years. The joint research sought to measure the speed of vulnerability remediation from 2019 to 2022 and revealed only modest progress. The researchers found that 53% of the 1.6 million organizations assessed had at least one vulnerability exposed to the internet, while 22% of organizations amassed more than 1,000 vulnerabilities each, confirming that more progress is required to protect organizations’ critical assets. The researchers also found that the financial sector had among the slowest remediation rates (median to fix 50% = 426 days), while utilities ranked among the fastest (median = 270 days). Surprisingly, despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, the researchers found little evidence that organizations in this sector fixed exploited flaws faster. Regardless of how many total vulnerabilities existed across their domain(s), organizations typically fixed about 10% of weaknesses each month. The researchers stated that the information sector (62.6%) and public sector (61.6%) had the highest prevalence of open vulnerabilities, while the financial sector (48.6%) exhibited the lowest proportion of open vulnerabilities.

 

Help Net Security reports: "Only 10% of Vulnerabilities Are Remediated Each Month"

Submitted by Anonymous on