The security industry is beginning to release data that focuses on the prevalence of different types of vulnerabilities and incidents. However interesting, such data falls short of providing crucial information to aid organizations with their software remediation efforts. This presentation provides statistical data from 15 different web application remediation projects in order to provide real insight into the costs of remediating application-level vulnerabilities. The data addresses pressing questions, including how much time is spent on different phases of remediation projects (inception, planning and execution), and how much time is required to remediate different classes of vulnerabilities. Based on this data, analysis is also provided so organizations can make decisions about which vulnerabilities should be fixed and which should be left, how to schedule vulnerability remediation into software project schedules, and which activities organizations should undertake in order to prevent the most costly vulnerabilities from occurring in the first place.
dan _at_ denimgroup.com