Security Flaws Take Almost 9 Months to Patch

by Justin Erickson

A new study has revealed that 56% of software applications contain high-severity security vulnerabilities, while 80.3% contain any flaws. The fix time for these vulnerabilities has increased to an average of eight and a half months – a 47% increase in the past 5 years – with many stemming from dependencies on third party and AI generated code. This often leaves the door open for hackers to exploit these unpatched vulnerabilities. Along with this finding, it was also discovered that there is a vast difference between organizations’ abilities to find and patch vulnerabilities. The top 25% fixed more than 10% of their software flaws every month, while the bottom 25% fixed less than 1% of their vulnerabilities every month. This report highlights the growing need for regular security testing and timely patch management to mitigate the risks of these flaws.