April 16, IDG News Service – (International) Web site vulnerabilities fall, but hackers become more skilled. The number of coding mistakes on Web sites continues to fall, but companies are slow to fix issues that could be exploited by hackers working with improved attack tools, according to a security expert. The average number of serious vulnerabilities introduced to Web sites by developers in 2011 was 148, down from 230 in 2010, and 480 in 2009, said the chief technology officer (CTO) for WhiteHat Security, which specializes in testing Web sites for security issues. He spoke on the sidelines of the Open Web Application Security Project conference in Sydney, Australia, April 16. The vulnerabilities are contained in custom Web site code and are not issues that can be fixed by applying patches from, for example, Microsoft or Oracle, the CTO said. According to WhiteHat Security statistics, it takes organizations an average of 100 days to fix about half of their vulnerabilities. The risk is that vulnerabilities that have not been speedily remedied could be found by a hacker, resulting in a high-profile data breach.
Ali Loney, on April 16, 2012