Security News > 2021 > July > Window of Exposure is Expanding and Hackers Know Exactly Where to Strike
The remediation of application vulnerabilities is declining; the time it takes to fix critical vulnerabilities is growing; and the window of exposure available to hackers is expanding.
When these details are combined with no change to the type of vulnerabilities that continue to be prevalent, the result is that hackers know exactly where to focus their attacks, and they have more time to do so.
The software industry has responded, with new applications or new versions of existing applications being released at a fast pace.
Because of business pressure, features get prioritized over quality and security during development; and the time to fix a quality or security issue becomes lengthy once the application reaches production.
"And there is little or no prioritization in the way security issues are handled - so only around 50 percent ever get addressed. Organizations are struggling to keep pace with the business demand for more features and more applications at a more rapid pace. Alongside that, critical vulnerabilities found in apps take a long time to fix because there are not enough resources, and there's poor prioritization. Only 50 percent ever get fixed. These issues combine to produce the very high window of exposure we see today."
"The other end of the spectrum," he continued, "Is the hundreds of millions of end users. I foresee a future scenario where there will be a groundswell of user opinion against a particular app and its developer when there are enough breaches. At the end of the day, if the end users stop voting for the software with their dollars, therein lies the biggest penalty for the software companies. So, software companies are walking a very thin line - it's just a question of a critical mass of end users banding together and starting a viral movement against a particular application. That's the biggest form of penalty and would be a day of reckoning for the software industry."