67 Days to Fix a Serious Web Vulnerability?
Posted by hyperguard on November 16, 2009
We recently heard some startling information—WhiteHat reported it takes the industry an average of 67 days to fix Cross-Site Scripting (XSS) issues! They shared this fact during a presentation revealing research on the progress companies are making in Web application security.
According to Jeremiah Grossman, WhiteHat found that 83% of websites have had at least one serious vulnerability. 64% of websites currently have at least one serious vulnerability, the most prevalent being XSS. Although awareness of XSS is building and companies know how to fix it, Jeremiah says it still takes time to fix the issue. If an organization has a vulnerability for 67 days, it can create a downturn for the website or a loss in revenue. Why is it difficult for some companies to resolve vulnerabilities quickly? This can happen for a number of reasons: the code is old and no one currently at the organization can maintain it, the code was outsourced, or the error does not cause a compliance violation and so gets overlooked.
The presentation went on to say that only 30 to 60% of vulnerabilities ever get fixed. Although there is awareness of web application problems, not enough is being done about them. Imagine how an ecommerce site would suffer during the holiday season if it had a web vulnerability for 67 days! This is a common issue and one the cloud computing industry is particularly susceptible to. One of the major uses for cloud services right now is overflow capacity during holidays and other periods of abnormally high web traffic. This is the reason we have made hyperguard SaaS for Amazon Web Services available – to allow companies to extend protection into the cloud.