Backlogs larger than 100K+ vulnerabilities but too time-consuming to address
Rezilion and Ponemon Institute announced the release of "The State of Vulnerability Management in DevSecOps," which reveals that organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time nor the resources to tackle effectively.
66% of respondents say their backlog consists of more than 100,000 vulnerabilities, and 54% say they were able to patch less than 50% of the vulnerabilities in the backlog.
"This is a significant loss of time and dollars spent just trying to get through the massive vulnerability backlogs that organizations possess," said Liran Tancman, CEO of Rezilion, which sponsored the research.
"If you have more than 100,000 vulnerabilities in a backlog, and consider the number of minutes that are spent manually detecting, prioritizing, and remediating these vulnerabilities, that represents thousands of hours spent on vulnerability backlog management each year. These numbers make it clear that it is impossible to effectively manage a backlog without the proper tools to automate detection, prioritization, and remediation."
"We now have the data to track how much time vulnerabilities are stealing from teams across the software development life cycle and we know that it is a process that is not working effectively," said Tancman.
When asked how automation has impacted the time it takes to remediate vulnerabilities, 43% said there was a significantly shorter time to respond.
News URL
https://www.helpnetsecurity.com/2022/09/15/organizations-backlog-vulnerabilities/