CybersecuritySecurity NewswireCybersecurity News

Window of Exposure (WoE) a major concern as applications remain increasingly vulnerable

cyber freepik

<a href='https://www.freepik.com/vectors/website'>Website vector created by iuriimotov - www.freepik.com</a>

April 22, 2021

WhiteHat Security released AppSec Stats Flash Vol. 4, the latest installment of the company's monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape.

Key insights and additional details on this month’s statistical data and findings include: 

  • Window of Exposure (WoE) is a major concern as applications remain increasingly vulnerable across all industries. To improve these metrics, security and DevOps teams must take a holistic approach to identifying, prioritizing, and remediating these vulnerabilities in a manner that configures all changes with the development controls in process.
  • This month's data shows that public administration is now more vulnerable than manufacturing as an industry. We find that 71% of apps in the public administration space now have a WoE of a full year. This means that 71% of apps in public administration have at least one serious exploitable vulnerability open throughout the year.
  • If we look not only at public administration but the group of industries who historically have not been online as their primary business, compared to the group of industries who have a longer history of being online. If we look at this month’s WoE data in comparison to WoE data we released in Vol. 1., it’s interesting to see that that group that has more experience of being online is seeing relative improvement and the group that has less experience being online is seeing some negative trends in terms of an increasing WoE. 
  • Industries with Largest Window of Exposure
    • Public Administration - 71%
    • Manufacturing - 69%
      • WhiteHat Analysis: “The Window of Exposure for the public administration and manufacturing sectors increased to 71% of public administrator applications and 69% of manufacturing applications reporting at least one serious vulnerability over the last 12 months.” – Zach Jones, Senior Director of Detection Research at WhiteHat Security
  • Highest Vulnerability per Site - Cross Site Scripting - 2.1
  • Highest Vulnerability Likelihood (Percent of Sites) - Information Leakage - 34.3%
    • WhiteHat Analysis: “Data shows Cross-Site Scripting sites have on average 2.1 vulnerabilities per site related to information leakage.” – Zach Jones, Senior Director of Detection Research at WhiteHat Security
  • Remediation Rates by Class (Percent of Findings Remediated) - XPath Injection - 100%
  • Industries with the Highest Time to Fix (Days)
    • Educational Services - 395.8
    • Utilities - 389.9

For more findings, please visit https://www.whitehatsec.com/appsec-stats-flash/

KEYWORDS: application security cyber security risk management threat landscape

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!