The average website has serious vulnerabilities more than nine months of the year, and data leakage has overtaken cross-site scripting as the most common website vulnerability, according to WhiteHat Security.
[Figure: Overall top 10 vulnerability classes of 2010]
“It’s inevitable that websites will contain some faulty code – especially in sites that are continually updated. Window of Exposure is a useful combination of the vulnerability prevalence, the time it takes to fix vulnerabilities, and the percentage of them that are remediated,” said Jeremiah Grossman, founder and CTO of WhiteHat Security. “Specifically for CIOs and security professionals, measuring window of exposure offers a look at the duration of risk their business and user data is exposed to by not having sufficient remediation processes in place.”
The average website falls into the “always” and “frequently” vulnerable categories – meaning it was exposed more than 270 days of the year. Looking at window of exposure across industries, it becomes apparent that there’s a vast difference in the approach to website security.
Heavily regulated industries like healthcare and banking have the lowest rates, yet still 14 and 16 percent (respectively) of the sites had a serious vulnerability throughout the year.
Social networking and retail have two of the largest windows of exposure, potentially reflecting the rate at which they update sites and introduce new code.
The education industry has the dubious honor of leading the category – with 78 percent of sites being vulnerable at least nine months of the year. Figure one highlights window of exposure by industry.
The complete report is available here.