Even with an abundance of application assessment tools available on the market and a growing understanding of application security, application vulnerabilities persist in applications. The average number of serious vulnerabilities found per website per year is 79, and the average days a website is exposed to one serious vulnerability is 231 days. The overall percentage of serious vulnerabilities that are fixed annually is only 63% (WhiteHat Security Statistics Report, 2012).
Too Many Reports That Are Difficult to Organize
Application security teams use automated static and dynamic test results as well as manual testing results to assess the security of their applications. Each test delivers results in different formats, and different test platforms describe the same flaws differently, creating duplications.
Security Teams and Development Teams Struggle to Work Together
Security teams end up using spreadsheets to keep track vulnerabilities manually, and they struggle to prioritize the severity of the flaws as a result. Software development teams receive unmanageable reports and, as a result, only a small number of flaws get fixed. Remediation of security vulnerabilities can quickly become an overwhelming project for security teams and application development teams alike.
Denim Group created ThreadFix, an application security vulnerability management software to help address these challenges. Learn more about the benefits of ThreadFix.