Dublin, IRELAND – 18th February 2020 – Edgescan, the ‘fullstack’ Vulnerability Management Security as a Service (SaaS) solution provider, today releases its fifth Vulnerability Stats Report looking at the state of fullstack security in 2019, based on tens of thousands global assessments. The report has revealed that, in 2019, it took organisations an average of 50.55 days (nearly eight weeks) to remediate critical risk vulnerabilities for public internet-facing web applications and 49.26 days for internet-facing network layer critical risk vulnerabilities.
The report also found that high or critical risk vulnerabilities in external facing web applications had significantly increased from 19.2 per cent in 2018 to 34.78 per cent in 2019. High or critical risk vulnerabilities discovered in externally facing network layer systems had also more than doubled in 2019, going up to 4.79 per cent from just 2 per cent the previous year.
“2019 saw more than 8 billion records breached, with some of the biggest breaches being experienced by Capital One, Quest Diagnostics, Houzz and Zynga. Many of these breaches were caused by web application layer vulnerabilities that could have been preventable with if appropriate secure development and visibility practices were adhered to,” comments Eoin Keary, CEO of Edgescan. “Although the time-to-remediate critical risk vulnerabilities for public internet facing web applications has reduced by just over 18 days since 2018, we are still seeing high rates of known and patchable vulnerabilities which have working exploits in the wild. This could be due to the fact it is hard to patch production systems. Web application security is where the majority of risk still resides, and this is an area that organisations, no matter what size, should be taking notice of.”
Further key findings from the report:
Marketing Executive of Edgescan