SearchSecurity – Published: 02 May 2013
Fully one-third of all websites surveyed last year were found to be vulnerable on a daily basis to a “serious” flaw like cross-site scripting, information leakage or content spoofing, according to a report on site vulnerabilities released today by WhiteHat Security.
While industries like entertainment and media were relatively quick to fix website vulnerabilities (an average of 33 days), WhiteHat’s survey found that the average across all industries was 193 days from first notification.
Retail, health care and insurance websites were among the laggards, each taking well over 200 days to fix their sites after notification. Frequently updated retail sites, for instance, generally pose greater security challenges for Web developers, experts said, because each code deployment introduces new vulnerabilities.
“It’s an unforgiving environment,” stressed Jeremiah Grossman, WhiteHat Security’s founder and chief technical officer. The proliferation of “broken code” results in a “race to see who can exploit vulnerabilities.” Hence, most security patches for websites don’t work.
Still, the remediation rate for all sites surveyed was 61% in 2012, the Web security firm found, compared to only 35% in 2007.