Waratek: Enterprises Miss Out on Fixing 60% of Security Vulnerabilities

Waratek is an application security solutions provider that helps organizations discover security flaws. In a survey conducted at the 2015 Gartner Security and Risk Management Summit, Waratek found that 60% of the senior security professionals polled indicated that they do not remediate the application security issues they find when performing application testing.
Other findings from the survey suggest that half of all respondents say it takes their organizations 3 months or more to respond to an application security issue. Breaking that number down further, 23% said it took 3 months, while 27% said it took longer.
“We expected the number of known vulnerabilities being fixed by enterprises would be low, but were surprised by the sheer volume that are never addressed. The amount of time it takes to remediate those that are being corrected was even more disturbing,” said Waratek CEO Brian Maccaba. “The fact that software application security testing tools are unable to remediate the vulnerabilities they detect is a major reason why organizations are only able to fix 40 percent or less of the flaws they know exist.”
Other Findings from the Survey
Waratek says that it polled over 100 security execs in its survey. Here’s a closer look at the survey’s findings:

  • 52% of security execs perform software application security testing on less than half of their software in their environments.
  • 36% of organizations fix only 40% of the vulnerabilities found by software application security testing.
  • Only 11% of organizations fix their security flaws within 2 weeks or less.

One of the biggest problems in application security is that you only know what is known: it is difficult to pinpoint actual application weaknesses because organizations often find out about them when it is too late. Waratek builds tools to give organizations a proactive approach to application security testing.