Edgescan’s 2020 Vulnerability Stats Report also reveals the time to patch vulnerabilities for an internet-facing system is now 71 days
DUBLIN, IRELAND, February 21, 2020 /24-7PressRelease/ — Edgescan, the ‘fullstack’ Vulnerability Management Security as a Service (SaaS) solution provider, today releases its fifth Vulnerability Stats Report looking at the state of full stack security in 2019, based on tens of thousands global assessments. The report has revealed that, in 2019, it took organisations an average of 50.55 days (nearly eight weeks) to remediate critical risk vulnerabilities for public internet-facing web applications and 49.26 days for internet facing network layer critical risk vulnerabilities.
The report also found that high or critical risk vulnerabilities in external facing web applications had significantly increased from 19.2 per cent in 2018 to 34.78 per cent in 2019. High or critical risk vulnerabilities discovered in externally facing network layer systems had also more than doubled in 2019, going up to 4.79 per cent from just 2 per cent the previous year.
“2019 saw more than 8 billion records breached, with some of the biggest breaches being experienced by Capital One, Quest Diagnostics, Houzz and Zynga. Many of these breaches were caused by web application layer vulnerabilities that could have been preventable with if appropriate secure development and visibility practices were adhered to,” comments Eoin Keary, CEO of Edgescan. “Although the time to remediate critical risk vulnerabilities for public internet facing web applications has reduced by just over 18 days since 2018, we are still seeing high rates of known and patchable vulnerabilities which have working exploits in the wild. This could be due to the fact it is hard to patch production systems. Web application security is where the majority of risk still resides, and this is an area that organisations, no matter what size, should be taking notice of.”
Further key findings from the report:
• A 20-year-old vulnerability was discovered still ‘in the wild’ in over 3500 systems across Europe and North America. Originally discovered in 1999, the CVE-1999-0517 vulnerability has CVSS high severity risk score of 7.5 (out of 10) and the potential to cause a serious data breach.
• The most common CVE vulnerability in 2019 was first discovered in 2016, over four years ago. The CVE-2016-2183, has a high severity risk score of 7.5 (out of 10) and makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long duration encrypted session.
• On average, 67.8 per cent of assets had at least one CVE with a CVSS (v3.x) value of 4.0 or more, making the non-compliant with PCI regulations.
To download the full report, please visit: https://landing.edgescan.com/vulnerability-stats
Edgescan offers an ISO 27001 Certified Vulnerability Management Security as a Service (SaaS) solution. The edgescan™ SaaS security solution manages thousands of assets across the globe for both enterprise and SME clients helping them to continuously detect, prioritise, monitor and fix security weaknesses for Internet-facing systems, such as web applications, API’s, websites, mobile apps, servers, firewalls, VPN’s or VoIP services. Due to intelligent validation of all discovered vulnerabilities, the solution is highly accurate and virtually false positive free.
The company was founded in 2011 by previous OWASP (Vice Chair) Global Board member, and OWASP Testing Guide project lead, Eoin Keary. Edgescan has received accolades such as Pen Testing solution of the year 2019 (Computing Security Awards), Top 10 Vulnerability Management Solution Providers – 2019 (Enterprise Security Magazine), Managed Security Service Provider of the Year 2019 (Tech Excellence Awards). Top scoring AST (Application Security Testing) solution in Gartner Peer Insights 2020.
To find out more, visit www.edgescan.com or follow edgescan on Twitter at @edgescan
For the original version of this press release, please visit 24-7PressRelease.com here