Challenges of Managing Application Vulnerabilities

Even with an abundance of application assessment tools on the market and a growing understanding of application security, vulnerabilities persist in applications. The average number of serious vulnerabilities found per website per year is 79, and the average number of days a website is exposed to at least one serious vulnerability is 231. Only 63% of serious vulnerabilities are fixed annually (WhiteHat Security Statistics Report, 2012).

Too Many Reports That Are Difficult to Organize

Application security teams use automated static and dynamic test results as well as manual testing results to assess the security of their applications. Each test delivers results in a different format, and different test platforms describe the same flaws differently, so the same flaw shows up as duplicate findings.

Security Teams and Development Teams Struggle to Work Together

Security teams end up using spreadsheets to keep track of vulnerabilities manually, and they struggle to prioritize flaws by severity as a result. Software development teams receive unmanageable reports, so only a small number of flaws get fixed. Remediation of security vulnerabilities can quickly become an overwhelming project for security teams and application development teams alike.

Denim Group created ThreadFix, an application security vulnerability management tool, to help address these challenges. Learn more about the benefits of ThreadFix.

About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell has 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.