NTT Application Security released its “AppSec Flash Vol. 7” report, which detailed the company’s six-month trend findings regarding application security and its “wider threat landscape.” The study included elements such as window of exposure, vulnerability by class and time to resolve.
Key observed trends included 66 percent of applications in the Utilities sector containing “at least” one serious, exploitable vulnerability throughout the year:
- Wholesale trade (7 percent), education / retail trade / manufacturing (4 percent) and healthcare (2 percent) software experienced growth in exposure windows.
- Wholesale trade (15 percent) and utilities (11 percent) sectors logged general increases in window of exposure over the half-year period since the start of 2021.
- Finance / insurance / manufacturing / public administration witnessed moderate declines in such windows.
The latter drop-offs, it was noted, are likely due to “increased focus on security” following targeted breaches and new regulations.
At the same time, remediation rates for “critical” and “high” (50 percent) vulnerabilities declined by 6 percent and 12 percent, respectively, while the average time-to-fix for “critical” (202 days) and “high” (246 days) vulnerabilities both rose over the January-June period.
NTT also recorded a general rise in HTTP response splitting and pedestrian vulnerabilities.