Majority of websites are vulnerable: report

A report from WhiteHat Security has found that majority of websites had at least one vulnerability in 2012.

WhiteHat Security said it collected information from websites of over 650 organisations with software development lifecycle (SDLC) activity data obtained from 76 survey respondents.

The company found that the average number of serious vulnerabilities per website has declined to 56 in 2012 from 79 in 2011.

WhiteHat said despite this, 86% of websites tested were found to have at least one serious vulnerability exposed to attack during every single day of 2012.

According to the report, of the serious vulnerabilities found, on average 61% were resolved and only 18% of websites were vulnerable for fewer than 30 days in 2012.

The IT industry experienced the highest number of vulnerabilities per website at 114, WhiteHat said.

The study found that government websites had the fewest serious vulnerabilities with eight detected on average per website, followed by banking websites with 11 on average per website.

WhiteHat Security co-founder and CTO Jeremiah Grossman said organisations need to better understand how various parts of the SDLC affect the introduction of vulnerabilities, which leave the door open to breaches.

"This collective data has shown that many organisations do not yet consider they need to proactively do something about software security," Grossman said.

"It is apparent that these organisations take the approach of ‘wait-until-something-goes-wrong’ before kicking into gear unless there is some sense of accountability."

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up