Challenges of Managing Application Vulnerabilities

Even with an abundance of application assessment tools available on the market and a growing understanding of application security, vulnerabilities persist in applications. The average number of serious vulnerabilities found per website per year is 79, and the average time a website is exposed to one serious vulnerability is 231 days. The overall percentage of serious vulnerabilities that are fixed annually is only 63% (WhiteHat Security Statistics Report, 2012).

Too Many Reports That Are Difficult to Organize

Application security teams use automated static and dynamic test results as well as manual testing results to assess the security of their applications. Each test delivers results in different formats, and different test platforms describe the same flaws differently, creating duplications.
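The following is an added illustration of the normalization and deduplication problem described above; it is not ThreadFix code. It assumes simplified, constructed export formats for a static analyzer, a dynamic scanner and a manual test, keyed on CWE plus location so that the same flaw reported under different names and severity spellings collapses into one finding:

```python
# Added example (not ThreadFix code): merge findings from several scanners
# that use different field names and wording into one deduplicated list.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample exports; field names and wording differ per tool.
SAST_EXPORT = [  # static analysis reports by file and line
    {"cwe": 89, "file": "app/db.py", "line": 42, "severity": "High", "title": "SQL Injection"},
    {"cwe": 79, "file": "app/views.py", "line": 10, "severity": "Medium", "title": "Reflected XSS"},
]
DAST_EXPORT = [  # dynamic scan reports by URL and parameter; second entry is a rescan
    {"cwe": 89, "url": "/search", "param": "q", "severity": "Critical", "name": "SQLi in parameter q"},
    {"cwe": 89, "url": "/search", "param": "q", "severity": "Critical", "name": "SQLi in parameter q"},
]
MANUAL_EXPORT = [  # manual test of the same flaw, different wording and casing
    {"cwe": 89, "url": "/search", "param": "q", "severity": "high", "name": "Injection via search box"},
]

def normalize(source, rec):
    """Map one tool-specific record onto common fields plus a dedup key."""
    if "file" in rec:
        location = f"{rec['file']}:{rec['line']}"
    else:
        location = f"{rec['url']}?{rec['param']}"
    return {"cwe": rec["cwe"], "location": location,
            "severity": rec["severity"].lower(),
            "title": rec.get("title") or rec.get("name"),
            "sources": {source}}

def merge_findings(exports):
    """Deduplicate on (CWE, location); keep the highest severity reported."""
    merged = {}
    for source, records in exports.items():
        for rec in records:
            f = normalize(source, rec)
            key = (f["cwe"], f["location"])
            kept = merged.setdefault(key, f)
            if kept is not f:
                kept["sources"] |= f["sources"]
                if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[kept["severity"]]:
                    kept["severity"] = f["severity"]
    # Highest severity first; flaws confirmed by more tools rank higher within a tier.
    return sorted(merged.values(),
                  key=lambda f: (-SEVERITY_RANK[f["severity"]], -len(f["sources"])))

if __name__ == "__main__":
    for f in merge_findings({"sast": SAST_EXPORT, "dast": DAST_EXPORT, "manual": MANUAL_EXPORT}):
        print(f["severity"].upper(), f"CWE-{f['cwe']}", f["location"], sorted(f["sources"]))
```

Four raw records collapse to three findings, with the one seen by both the dynamic scan and the manual test ranked first.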

Security Teams and Development Teams Struggle to Work Together

Security teams end up using spreadsheets to keep track of vulnerabilities manually, and as a result they struggle to prioritize the flaws by severity. Software development teams receive unmanageable reports, so only a small number of flaws get fixed. Remediation of security vulnerabilities can quickly become an overwhelming project for security teams and application development teams alike.

Denim Group created ThreadFix, an application security vulnerability management software to help address these challenges. Learn more about the benefits of ThreadFix.

About John Dickson


John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd, the parent company of ThreadFix. He has more than 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.