Over the last 6 months, WhiteHat has been tracking some key application security statistics alongside the fast-evolving threat landscape. In doing so, WhiteHat has been able to offer context on what these raw stats mean for a company’s applications. Over this time frame, some breaches have aligned with what our team is seeing in the data, such as the SolarWinds outbreak and the Colonial Pipeline ransomware attack – both occurring in sectors with increasingly long windows of exposure. What these examples show is that security seems to become a priority only after an incident has occurred. Is that because an application that moves into maintenance does not get the same attention and frequency of releases?
In this month’s installment, WhiteHat Security’s Setu Kulkarni, vice president of corporate strategy and business development, and Zach Jones, senior director of detection research, discuss the data behind AppSec Stats Flash Vol. 6 and the disparate needs of legacy applications and newer greenfield applications – presenting the case for two-speed appsec.
After starting the year off with a window of exposure (WoE) hovering around 55%, utility sector applications are now the most vulnerable across all industries. Finance and Insurance, however, have a WoE of only 43%, and their more serious vulnerabilities are actually getting fixed within one month more often.
Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis and brings forward key actionable takeaways for security and development teams who are responsible for the applications that run their business.